├── README.md ├── TEMP.md ├── create-pool-edgelb-all.sh ├── csi-iam-policy.json ├── images ├── .DS_Store ├── instructor_1.png ├── lab0_1.png ├── lab1_1.png ├── lab2_1.png ├── lab2_2.png ├── lab3_1.png ├── lab4_1.png ├── lab4_2.png ├── lab8_1.png ├── lab9_1.png ├── lab9_2.png └── lab9_3.png ├── instructor.md ├── instructor_automated.sh ├── labs ├── linux-macOS │ ├── README.md │ ├── lab0_prerequisites.md │ ├── lab10_monitoring.md │ ├── lab1_deploying_kubernetes.md │ ├── lab2_scaling.md │ ├── lab3_upgrading.md │ ├── lab4_loadbalancing.md │ ├── lab5_networkpolicies.md │ ├── lab6_portworxstorage.md │ ├── lab7_csi_storage.md │ ├── lab8_configure_helm.md │ └── lab9_istio.md └── windows_WIP │ ├── README.md │ ├── lab0_prerequisites.md │ ├── lab10_monitoring.md │ ├── lab1_deploying_kubernetes.md │ ├── lab2_scaling.md │ ├── lab3_upgrading.md │ ├── lab4_loadbalancing.md │ ├── lab5_networkpolicies.md │ ├── lab6_portworxstorage.md │ ├── lab7_csi_storage.md │ ├── lab8_configure_helm.md │ └── lab9_istio.md ├── main.tf.example ├── prerequesites.sh ├── scripts ├── check-app-status.sh ├── check-kubernetes-cluster-status.sh ├── check-kubernetes-mke-status.sh ├── check-status-with-name.sh ├── create-and-attach-volumes.sh ├── create-csi-iam-policy.sh ├── create-dklb-secret.sh ├── create-service-account.sh ├── csi-driver-deployments-master.zip ├── deploy-dcos-monitoring.sh ├── deploy-edgelb.sh ├── deploy-kubernetes-cluster.sh ├── deploy-kubernetes-mke.sh ├── deploy-portworx.sh ├── detach-and-delete-volumes.sh ├── dklb-deployment.yaml ├── dklb-prereqs.yaml ├── grant-permissions.sh ├── options-dcos-monitoring.json ├── options-edgelb.json ├── options-kubernetes-cluster.json.template ├── options-kubernetes-metrics-exporter.json.template ├── options-kubernetes-mke.json ├── options-kubernetes-update-cluster.json.template ├── options-portworx.json.template ├── setup_cli.sh └── update-aws-network-configuration.sh ├── student ├── create-service-account.sh ├── csi-driver-deployments-master.zip ├── 
dklb-deployment.yaml ├── dklb-prereqs.yaml ├── grant-permissions.sh ├── istio-1.2.2 │ ├── LICENSE │ ├── README.md │ ├── bin │ │ └── istioctl │ ├── install │ │ ├── README.md │ │ ├── consul │ │ │ ├── README.md │ │ │ ├── consul_config │ │ │ │ ├── agent-loglevel.json │ │ │ │ ├── agent.json │ │ │ │ ├── disable_update_check.json │ │ │ │ └── server.json │ │ │ ├── istio.yaml │ │ │ └── kubeconfig │ │ ├── gcp │ │ │ ├── README.md │ │ │ ├── bootstrap │ │ │ │ └── gcp_envoy_bootstrap.json │ │ │ └── deployment_manager │ │ │ │ ├── README.md │ │ │ │ ├── istio-cluster.jinja │ │ │ │ ├── istio-cluster.jinja.display │ │ │ │ ├── istio-cluster.jinja.schema │ │ │ │ └── istio-cluster.yaml │ │ ├── kubernetes │ │ │ ├── README.md │ │ │ ├── ansible │ │ │ │ ├── README.md │ │ │ │ ├── ansible.cfg │ │ │ │ ├── istio │ │ │ │ │ ├── defaults │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── meta │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── tasks │ │ │ │ │ │ ├── add_to_path.yml │ │ │ │ │ │ ├── assert_oc_admin.yml │ │ │ │ │ │ ├── bookinfo_cmd.j2 │ │ │ │ │ │ ├── change_scc.yml │ │ │ │ │ │ ├── create_namespace_free_definition_file.yml │ │ │ │ │ │ ├── delete_resources.yml │ │ │ │ │ │ ├── install_on_cluster.yml │ │ │ │ │ │ ├── install_sample.yml │ │ │ │ │ │ ├── install_samples.yml │ │ │ │ │ │ ├── main.yml │ │ │ │ │ │ ├── safely_create_namespace.yml │ │ │ │ │ │ ├── set_appropriate_cmd_path.yml │ │ │ │ │ │ ├── set_istio_distro_vars.yml │ │ │ │ │ │ ├── set_istio_path.yml │ │ │ │ │ │ └── simple_sample_cmd.j2 │ │ │ │ │ └── vars │ │ │ │ │ │ └── main.yml │ │ │ │ └── main.yml │ │ │ ├── global-default-sidecar-scope.yaml │ │ │ ├── helm │ │ │ │ ├── README.md │ │ │ │ ├── helm-service-account.yaml │ │ │ │ ├── istio-cni │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _labels.tpl │ │ │ │ │ │ └── istio-cni.yaml │ │ │ │ │ ├── values.yaml │ │ │ │ │ └── values_gke.yaml │ │ │ │ ├── istio-init │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── README.md │ │ │ │ │ ├── files │ │ │ │ │ │ ├── crd-10.yaml │ │ │ │ │ │ ├── crd-11.yaml │ │ │ │ │ │ 
├── crd-12.yaml │ │ │ │ │ │ ├── crd-certmanager-10.yaml │ │ │ │ │ │ └── crd-certmanager-11.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── configmap-crd-10.yaml │ │ │ │ │ │ ├── configmap-crd-11.yaml │ │ │ │ │ │ ├── configmap-crd-12.yaml │ │ │ │ │ │ ├── configmap-crd-certmanager-10.yaml │ │ │ │ │ │ ├── configmap-crd-certmanager-11.yaml │ │ │ │ │ │ ├── job-crd-10.yaml │ │ │ │ │ │ ├── job-crd-11.yaml │ │ │ │ │ │ ├── job-crd-12.yaml │ │ │ │ │ │ ├── job-crd-certmanager-10.yaml │ │ │ │ │ │ ├── job-crd-certmanager-11.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── istio │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── README.md │ │ │ │ │ ├── charts │ │ │ │ │ ├── certmanager │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── templates │ │ │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ │ ├── issuer.yaml │ │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ │ ├── rbac.yaml │ │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── galley │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── templates │ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ │ └── validatingwebhookconfiguration.yaml.tpl │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── gateways │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── templates │ │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ │ ├── preconfigured.yaml │ │ │ │ │ │ │ ├── role.yaml │ │ │ │ │ │ │ ├── rolebindings.yaml │ │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── grafana │ │ 
│ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── dashboards │ │ │ │ │ │ │ ├── galley-dashboard.json │ │ │ │ │ │ │ ├── istio-mesh-dashboard.json │ │ │ │ │ │ │ ├── istio-performance-dashboard.json │ │ │ │ │ │ │ ├── istio-service-dashboard.json │ │ │ │ │ │ │ ├── istio-workload-dashboard.json │ │ │ │ │ │ │ ├── mixer-dashboard.json │ │ │ │ │ │ │ └── pilot-dashboard.json │ │ │ │ │ │ ├── templates │ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ │ ├── configmap-custom-resources.yaml │ │ │ │ │ │ │ ├── configmap-dashboards.yaml │ │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ │ ├── create-custom-resources-job.yaml │ │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ │ ├── grafana-ports-mtls.yaml │ │ │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ │ └── tests │ │ │ │ │ │ │ │ └── test-grafana-connection.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── istiocoredns │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── templates │ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── kiali │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── templates │ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ │ ├── demosecret.yaml │ │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ │ └── tests │ │ │ │ │ │ │ │ └── test-kiali-connection.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── mixer │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── templates │ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ │ ├── config.yaml │ │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ │ ├── 
poddisruptionbudget.yaml │ │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── nodeagent │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── templates │ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ │ ├── daemonset.yaml │ │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── pilot │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── templates │ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ │ ├── meshexpansion.yaml │ │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── prometheus │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── templates │ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ │ ├── clusterrolebindings.yaml │ │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ │ └── tests │ │ │ │ │ │ │ │ └── test-prometheus-connection.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── security │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── templates │ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ │ ├── cleanup-secrets.yaml │ │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ │ ├── create-custom-resources-job.yaml │ │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ │ ├── enable-mesh-mtls.yaml │ │ │ │ │ │ │ ├── enable-mesh-permissive.yaml │ │ │ │ │ │ │ ├── meshexpansion.yaml │ │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ │ └── tests │ │ │ │ │ │ │ │ └── test-citadel-connection.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── sidecarInjectorWebhook │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ 
├── templates │ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── tracing │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── deployment-jaeger.yaml │ │ │ │ │ │ ├── deployment-zipkin.yaml │ │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ │ ├── service-jaeger.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── tests │ │ │ │ │ │ │ └── test-tracing-connection.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── example-values │ │ │ │ │ ├── README.md │ │ │ │ │ ├── values-istio-example-sds-vault.yaml │ │ │ │ │ ├── values-istio-gateways.yaml │ │ │ │ │ ├── values-istio-googleca.yaml │ │ │ │ │ └── values-istio-multicluster-gateways.yaml │ │ │ │ │ ├── files │ │ │ │ │ └── injection-template.yaml │ │ │ │ │ ├── requirements.yaml │ │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ ├── _podDisruptionBudget.tpl │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── endpoints.yaml │ │ │ │ │ ├── install-custom-resources.sh.tpl │ │ │ │ │ ├── service.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ └── sidecar-injector-configmap.yaml │ │ │ │ │ ├── values-istio-demo-auth.yaml │ │ │ │ │ ├── values-istio-demo.yaml │ │ │ │ │ ├── values-istio-minimal.yaml │ │ │ │ │ ├── values-istio-remote.yaml │ │ │ │ │ ├── values-istio-sds-auth.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── istio-demo-auth.yaml │ │ │ ├── istio-demo.yaml │ │ │ ├── mesh-expansion.yaml │ │ │ └── namespace.yaml │ │ └── tools │ │ │ ├── setupIstioVM.sh │ │ │ └── setupMeshEx.sh │ ├── istio.VERSION │ ├── samples │ │ ├── README.md │ │ ├── bookinfo │ │ │ ├── README.md │ │ │ ├── networking │ │ │ │ ├── 
ROUTING_RULE_MIGRATION.md │ │ │ │ ├── bookinfo-gateway.yaml │ │ │ │ ├── certmanager-gateway.yaml │ │ │ │ ├── destination-rule-all-mtls.yaml │ │ │ │ ├── destination-rule-all.yaml │ │ │ │ ├── destination-rule-reviews.yaml │ │ │ │ ├── egress-rule-google-apis.yaml │ │ │ │ ├── fault-injection-details-v1.yaml │ │ │ │ ├── virtual-service-all-v1.yaml │ │ │ │ ├── virtual-service-details-v2.yaml │ │ │ │ ├── virtual-service-ratings-db.yaml │ │ │ │ ├── virtual-service-ratings-mysql-vm.yaml │ │ │ │ ├── virtual-service-ratings-mysql.yaml │ │ │ │ ├── virtual-service-ratings-test-abort.yaml │ │ │ │ ├── virtual-service-ratings-test-delay.yaml │ │ │ │ ├── virtual-service-reviews-50-v3.yaml │ │ │ │ ├── virtual-service-reviews-80-20.yaml │ │ │ │ ├── virtual-service-reviews-90-10.yaml │ │ │ │ ├── virtual-service-reviews-jason-v2-v3.yaml │ │ │ │ ├── virtual-service-reviews-test-v2.yaml │ │ │ │ ├── virtual-service-reviews-v2-v3.yaml │ │ │ │ └── virtual-service-reviews-v3.yaml │ │ │ ├── platform │ │ │ │ ├── consul │ │ │ │ │ ├── README.md │ │ │ │ │ ├── bookinfo.sidecars.yaml │ │ │ │ │ ├── bookinfo.yaml │ │ │ │ │ ├── cleanup.sh │ │ │ │ │ ├── destination-rule-all.yaml │ │ │ │ │ ├── virtual-service-all-v1.yaml │ │ │ │ │ ├── virtual-service-ratings-test-abort.yaml │ │ │ │ │ ├── virtual-service-ratings-test-delay.yaml │ │ │ │ │ ├── virtual-service-reviews-50-v3.yaml │ │ │ │ │ ├── virtual-service-reviews-test-v2.yaml │ │ │ │ │ ├── virtual-service-reviews-v2-v3.yaml │ │ │ │ │ └── virtual-service-reviews-v3.yaml │ │ │ │ └── kube │ │ │ │ │ ├── README.md │ │ │ │ │ ├── bookinfo-certificate.yaml │ │ │ │ │ ├── bookinfo-db.yaml │ │ │ │ │ ├── bookinfo-details-v2.yaml │ │ │ │ │ ├── bookinfo-details.yaml │ │ │ │ │ ├── bookinfo-ingress.yaml │ │ │ │ │ ├── bookinfo-mysql.yaml │ │ │ │ │ ├── bookinfo-ratings-discovery.yaml │ │ │ │ │ ├── bookinfo-ratings-v2-mysql-vm.yaml │ │ │ │ │ ├── bookinfo-ratings-v2-mysql.yaml │ │ │ │ │ ├── bookinfo-ratings-v2.yaml │ │ │ │ │ ├── bookinfo-ratings.yaml │ │ │ │ │ ├── 
bookinfo-reviews-v2.yaml │ │ │ │ │ ├── bookinfo.yaml │ │ │ │ │ ├── cleanup.sh │ │ │ │ │ ├── productpage-nodeport.yaml │ │ │ │ │ └── rbac │ │ │ │ │ ├── details-reviews-policy-permissive.yaml │ │ │ │ │ ├── details-reviews-policy.yaml │ │ │ │ │ ├── mongodb-policy.yaml │ │ │ │ │ ├── namespace-policy.yaml │ │ │ │ │ ├── productpage-policy.yaml │ │ │ │ │ ├── ratings-policy.yaml │ │ │ │ │ ├── rbac-config-ON.yaml │ │ │ │ │ ├── rbac-config-on-mongodb.yaml │ │ │ │ │ ├── rbac-config-on-permissive.yaml │ │ │ │ │ └── rbac-permissive-telemetry.yaml │ │ │ ├── policy │ │ │ │ ├── mixer-rule-deny-ip-crd.yaml │ │ │ │ ├── mixer-rule-deny-ip.yaml │ │ │ │ ├── mixer-rule-deny-label-crd.yaml │ │ │ │ ├── mixer-rule-deny-label.yaml │ │ │ │ ├── mixer-rule-deny-serviceaccount.yaml │ │ │ │ ├── mixer-rule-deny-whitelist-crd.yaml │ │ │ │ ├── mixer-rule-deny-whitelist.yaml │ │ │ │ ├── mixer-rule-ingress-denial.yaml │ │ │ │ ├── mixer-rule-kubernetesenv-telemetry.yaml │ │ │ │ ├── mixer-rule-productpage-ratelimit-crd.yaml │ │ │ │ ├── mixer-rule-productpage-ratelimit.yaml │ │ │ │ ├── mixer-rule-productpage-redis-quota-fixed-window.yaml │ │ │ │ ├── mixer-rule-productpage-redis-quota-rolling-window.yaml │ │ │ │ ├── mixer-rule-ratings-denial.yaml │ │ │ │ ├── mixer-rule-ratings-ratelimit.yaml │ │ │ │ ├── mixer-rule-ratings-redis-quota-fixed-window.yaml │ │ │ │ ├── mixer-rule-ratings-redis-quota-rolling-window.yaml │ │ │ │ ├── prometheus-adapter-deployment.yaml │ │ │ │ └── prometheus-oop-rule.yaml │ │ │ ├── src │ │ │ │ ├── mongodb │ │ │ │ │ └── ratings_data.json │ │ │ │ ├── productpage │ │ │ │ │ ├── requirements.txt │ │ │ │ │ └── test-requirements.txt │ │ │ │ └── ratings │ │ │ │ │ └── package.json │ │ │ ├── swagger.yaml │ │ │ └── telemetry │ │ │ │ ├── fluentd-istio-crd.yaml │ │ │ │ ├── fluentd-istio.yaml │ │ │ │ ├── log-entry-crd.yaml │ │ │ │ ├── log-entry.yaml │ │ │ │ ├── metrics-crd.yaml │ │ │ │ ├── metrics.yaml │ │ │ │ ├── tcp-metrics-crd.yaml │ │ │ │ └── tcp-metrics.yaml │ │ ├── certs │ │ │ ├── 
README.md │ │ │ ├── ca-cert.pem │ │ │ ├── ca-key.pem │ │ │ ├── cert-chain.pem │ │ │ └── root-cert.pem │ │ ├── custom-bootstrap │ │ │ ├── README.md │ │ │ ├── custom-bootstrap.yaml │ │ │ └── example-app.yaml │ │ ├── external │ │ │ ├── README.md │ │ │ ├── aptget.yaml │ │ │ ├── github.yaml │ │ │ └── pypi.yaml │ │ ├── fortio │ │ │ └── stackdriver.yaml │ │ ├── health-check │ │ │ ├── liveness-command.yaml │ │ │ ├── liveness-http-same-port.yaml │ │ │ └── liveness-http.yaml │ │ ├── helloworld │ │ │ ├── README.md │ │ │ ├── helloworld-gateway.yaml │ │ │ ├── helloworld.yaml │ │ │ └── src │ │ │ │ └── requirements.txt │ │ ├── httpbin │ │ │ ├── README.md │ │ │ ├── httpbin-gateway.yaml │ │ │ ├── httpbin-nodeport.yaml │ │ │ ├── httpbin-vault.yaml │ │ │ ├── httpbin.yaml │ │ │ ├── policy │ │ │ │ ├── keyval-template.yaml │ │ │ │ └── keyval.yaml │ │ │ └── sample-client │ │ │ │ └── fortio-deploy.yaml │ │ ├── https │ │ │ ├── default.conf │ │ │ └── nginx-app.yaml │ │ ├── kubernetes-blog │ │ │ ├── bookinfo-ratings.yaml │ │ │ ├── bookinfo-reviews-v2.yaml │ │ │ └── bookinfo-v1.yaml │ │ ├── rawvm │ │ │ └── README.md │ │ ├── sleep │ │ │ ├── README.md │ │ │ ├── policy │ │ │ │ ├── sni-serviceaccount.yaml │ │ │ │ └── sni-wikipedia.yaml │ │ │ ├── sleep-vault.yaml │ │ │ ├── sleep.yaml │ │ │ └── telemetry │ │ │ │ └── sni-logging.yaml │ │ ├── tcp-echo │ │ │ ├── README.md │ │ │ ├── tcp-echo-20-v2.yaml │ │ │ ├── tcp-echo-all-v1.yaml │ │ │ ├── tcp-echo-services.yaml │ │ │ └── tcp-echo.yaml │ │ └── websockets │ │ │ ├── README.md │ │ │ ├── app.yaml │ │ │ └── route.yaml │ └── tools │ │ ├── README.md │ │ ├── _istioctl │ │ ├── cache_buster.yaml │ │ ├── checker │ │ ├── README.md │ │ ├── checker.go │ │ ├── envvarlinter │ │ │ ├── README.md │ │ │ ├── envvar_test.go │ │ │ ├── main.go │ │ │ ├── rules │ │ │ │ ├── no_os_env.go │ │ │ │ └── util.go │ │ │ ├── rules_matcher.go │ │ │ ├── testdata │ │ │ │ └── envuse.go │ │ │ └── whitelist.go │ │ ├── report.go │ │ ├── rule.go │ │ ├── testlinter │ │ │ ├── README.md │ │ │ 
├── e2etest_lint_test.go │ │ │ ├── integtest_lint_test.go │ │ │ ├── lint_rules_list.go │ │ │ ├── main.go │ │ │ ├── rules │ │ │ │ ├── no_goroutine.go │ │ │ │ ├── no_short.go │ │ │ │ ├── no_sleep.go │ │ │ │ ├── short_skip.go │ │ │ │ ├── skip_issue.go │ │ │ │ └── util.go │ │ │ ├── rules_matcher.go │ │ │ ├── testdata │ │ │ │ ├── e2e │ │ │ │ │ └── e2e_test.go │ │ │ │ ├── integration │ │ │ │ │ └── integtest_test.go │ │ │ │ ├── integtest_integ_test.go │ │ │ │ └── unit_test.go │ │ │ ├── testlinter │ │ │ ├── unittest_lint_test.go │ │ │ └── whitelist.go │ │ └── whitelist.go │ │ ├── convert_RbacConfig_to_ClusterRbacConfig.sh │ │ ├── convert_perf_results.py │ │ ├── dump_kubernetes.sh │ │ ├── githubContrib │ │ └── Contributions.txt │ │ ├── hyperistio │ │ ├── README.md │ │ ├── hyperistio.go │ │ ├── hyperistio_test.go │ │ └── index.html │ │ ├── istio-docker.mk │ │ ├── istioctl.bash │ │ ├── license │ │ ├── README.md │ │ ├── get_dep_licenses.go │ │ └── manual_append │ │ │ ├── signalfx.txt │ │ │ └── siphash.txt │ │ ├── packaging │ │ ├── common │ │ │ ├── envoy_bootstrap_drain.json │ │ │ ├── envoy_bootstrap_v2.json │ │ │ ├── istio-auth-node-agent.service │ │ │ ├── istio-ca.sh │ │ │ ├── istio-iptables.sh │ │ │ ├── istio-node-agent-start.sh │ │ │ ├── istio-start.sh │ │ │ ├── istio.service │ │ │ └── sidecar.env │ │ ├── deb │ │ │ ├── Dockerfile │ │ │ ├── deb_test.sh │ │ │ ├── istio.mk │ │ │ └── postinst.sh │ │ ├── packaging.mk │ │ └── rpm │ │ │ ├── Dockerfile.build │ │ │ ├── build-istio-rpm.sh │ │ │ ├── build-proxy-rpm.sh │ │ │ ├── istio │ │ │ └── istio.spec │ │ │ ├── proxy │ │ │ ├── bazelrc │ │ │ └── istio-proxy.spec │ │ │ └── rpm.mk │ │ ├── perf_istio_rules.yaml │ │ ├── perf_k8svcs.yaml │ │ ├── perf_setup.svg │ │ ├── rules.yml │ │ ├── run_canonical_perf_tests.sh │ │ ├── setup_perf_cluster.sh │ │ ├── setup_run │ │ ├── update_all │ │ └── vagrant │ │ ├── Vagrantfile │ │ └── provision-vagrant.sh ├── istio.yaml.template ├── options-kubernetes-cluster.json.template └── 
setup-kubernetes-cluster-permissions.sh ├── student_automated.sh ├── teardown.md └── test.sh /TEMP.md: -------------------------------------------------------------------------------- 1 | WIFI: 2 | 3 | SheratonDianaMajestic 4 | 5 | Github: 6 | 7 | https://github.com/djannot/dcos-kubernetes-training 8 | 9 | PUBLICIP: 10 | 11 | 107.23.75.102 (then 35.153.140.50) 12 | 13 | DC/OS: 14 | 15 | https://k8straining-883957064.us-east-1.elb.amazonaws.com 16 | 17 | bootstrapuser / deleteme 18 | -------------------------------------------------------------------------------- /csi-iam-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:AttachVolume", 8 | "ec2:CreateSnapshot", 9 | "ec2:CreateTags", 10 | "ec2:CreateVolume", 11 | "ec2:DeleteSnapshot", 12 | "ec2:DeleteTags", 13 | "ec2:DeleteVolume", 14 | "ec2:DescribeInstances", 15 | "ec2:DescribeSnapshots", 16 | "ec2:DescribeTags", 17 | "ec2:DescribeVolumes", 18 | "ec2:DetachVolume" 19 | ], 20 | "Resource": "*" 21 | } 22 | ] 23 | } 24 | -------------------------------------------------------------------------------- /images/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/.DS_Store -------------------------------------------------------------------------------- /images/instructor_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/instructor_1.png -------------------------------------------------------------------------------- /images/lab0_1.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/lab0_1.png -------------------------------------------------------------------------------- /images/lab1_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/lab1_1.png -------------------------------------------------------------------------------- /images/lab2_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/lab2_1.png -------------------------------------------------------------------------------- /images/lab2_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/lab2_2.png -------------------------------------------------------------------------------- /images/lab3_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/lab3_1.png -------------------------------------------------------------------------------- /images/lab4_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/lab4_1.png -------------------------------------------------------------------------------- /images/lab4_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/lab4_2.png 
-------------------------------------------------------------------------------- /images/lab8_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/lab8_1.png -------------------------------------------------------------------------------- /images/lab9_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/lab9_1.png -------------------------------------------------------------------------------- /images/lab9_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/lab9_2.png -------------------------------------------------------------------------------- /images/lab9_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/images/lab9_3.png -------------------------------------------------------------------------------- /labs/linux-macOS/README.md: -------------------------------------------------------------------------------- 1 | # Mesosphere DC/OS Kubernetes training 2 | 3 | ## Introduction 4 | 5 | During this training, you'll learn how to use the main capabilities of Kubernetes on DC/OS: 6 | 7 | - Deploy a Kubernetes cluster 8 | - Scale a Kubernetes cluster 9 | - Upgrade a Kubernetes cluster 10 | - Expose a Kubernetes Application using a Service Type Load Balancer (L4) 11 | - Expose a Kubernetes Application using an Ingress (L7) 12 | - Leverage network policies to restrict access 13 | - Leverage persistent storage using Portworx 14 | - Leverage persistent storage using CSI 15 | - Configure 
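Helm 16 | - Deploy Istio using Helm 17 | - Deploy an application on Istio 18 | - Monitoring a Kubernetes Cluster 19 | 20 | [Move to Lab 0 - Prerequisites](https://github.com/djannot/dcos-kubernetes-training/blob/master/labs/linux-macOS/lab0_prerequisites.md) 21 | -------------------------------------------------------------------------------- /labs/windows_WIP/README.md: -------------------------------------------------------------------------------- 1 | # Mesosphere DC/OS Kubernetes training 2 | 3 | ## Introduction 4 | 5 | During this training, you'll learn how to use the main capabilities of Kubernetes on DC/OS: 6 | 7 | - Deploy a Kubernetes cluster 8 | - Scale a Kubernetes cluster 9 | - Upgrade a Kubernetes cluster 10 | - Expose a Kubernetes Application using a Service Type Load Balancer (L4) 11 | - Expose a Kubernetes Application using an Ingress (L7) 12 | - Leverage network policies to restrict access 13 | - Leverage persistent storage using Portworx 14 | - Leverage persistent storage using CSI 15 | - Configure Helm 16 | - Deploy Istio using Helm 17 | - Deploy an application on Istio 18 | - Monitoring a Kubernetes Cluster 19 | 20 | [Move to Lab 0 - Prerequisites](https://github.com/djannot/dcos-kubernetes-training/blob/master/labs/windows_WIP/lab0_prerequisites.md) 21 |
--------------------------------------------------------------------------------
/scripts/check-app-status.sh:
--------------------------------------------------------------------------------
# Poll `dcos marathon app list` every 5 seconds until the row matching $1 has
# a fourth column that starts with "1".
# Usage: check-app-status.sh <app-name>
# NOTE(review): grep treats $1 as a regular expression matched against the
# whole row, so pass a name that identifies exactly one application; only the
# first matching row is inspected. There is no timeout.
app="${1:?usage: check-app-status.sh <app-name>}"
seconds=0
OUTPUT=0
sleep 5
# String comparison on purpose: while the app is not listed yet the pipeline
# yields an empty value, and a numeric test on an empty string fails, which
# used to end the loop as if the app were up.
while [ "$OUTPUT" != 1 ]; do
  OUTPUT=$(dcos marathon app list | grep -- "$app" | awk '{print $4}' | head -n 1 | cut -c1)
  seconds=$((seconds+5))
  # The name is passed as an argument so a "%" in it is not read as a format.
  printf 'Waiting %s seconds for %s to come up.\n' "$seconds" "$app"
  sleep 5
done
--------------------------------------------------------------------------------
/scripts/check-kubernetes-cluster-status.sh:
--------------------------------------------------------------------------------
# Poll every 5 seconds until the second line of the deploy plan status of the
# Kubernetes cluster named $1 contains COMPLETE.
# Usage: check-kubernetes-cluster-status.sh <cluster-name>
# There is no timeout: a plan that never completes keeps this loop running.
cluster="${1:?usage: check-kubernetes-cluster-status.sh <cluster-name>}"
seconds=0
OUTPUT=0
sleep 5
while [ "$OUTPUT" -ne 1 ]; do
  # grep -c always prints a number, so the numeric test above is safe here.
  OUTPUT=$(dcos kubernetes cluster debug plan status deploy --cluster-name="$cluster" | head -2 | tail -1 | grep -c COMPLETE)
  seconds=$((seconds+5))
  printf 'Waiting %s seconds for kubernetes cluster %s to come up.\n' "$seconds" "$cluster"
  sleep 5
done
--------------------------------------------------------------------------------
/scripts/check-kubernetes-mke-status.sh:
--------------------------------------------------------------------------------
# Poll every 5 seconds until the first line of the Kubernetes manager deploy
# plan status contains COMPLETE. Takes no arguments and has no timeout.
seconds=0
OUTPUT=0
sleep 5
while [ "$OUTPUT" -ne 1 ]; do
  OUTPUT=$(dcos kubernetes manager plan status deploy | head -1 | grep -c COMPLETE)
  seconds=$((seconds+5))
  printf "Waiting %s seconds for kubernetes mke to come up.\n" "$seconds"
  sleep 5
done
--------------------------------------------------------------------------------
/scripts/check-status-with-name.sh:
--------------------------------------------------------------------------------
# Poll every 5 seconds until the first line of `dcos <$1> --name <$2> plan
# status deploy` contains COMPLETE.
# Usage: check-status-with-name.sh <dcos-subcommand> <service-name>
: "${1:?usage: check-status-with-name.sh <dcos-subcommand> <service-name>}"
: "${2:?usage: check-status-with-name.sh <dcos-subcommand> <service-name>}"
seconds=0
OUTPUT=0
sleep 5
while [ "$OUTPUT" -ne 1 ]; do
  # $1 stays unquoted so a multi-word subcommand is still split into words,
  # as in the original; verify against the callers before quoting it.
  OUTPUT=$(dcos $1 --name "$2" plan status deploy | head -1 | grep -c COMPLETE)
  seconds=$((seconds+5))
  printf 'Waiting %s seconds for %s to come up.\n' "$seconds" "$1"
  sleep 5
done
--------------------------------------------------------------------------------
/scripts/create-and-attach-volumes.sh:
--------------------------------------------------------------------------------
# Create one 100 GiB EBS volume per running "<CLUSTER>-privateagent" instance
# and attach it to that instance as /dev/xvdf.
# Environment: CLUSTER (cluster name), REGION (AWS region).
# Usage: create-and-attach-volumes.sh <maws-profile>
name="${CLUSTER:?CLUSTER must be set}"
region="${REGION:?REGION must be set}"
maws=$1

# NOTE(review): eval runs whatever `maws login` prints as shell code in this
# process; only use a maws binary and profile you trust.
eval $(maws login ${maws})

# The cluster name is handed to jq with --arg instead of being spliced into
# the filter text, so quotes or jq syntax in CLUSTER cannot alter the filter.
# test() still treats it as a regular expression, as before.
aws --region="$region" ec2 describe-instances \
  | jq --raw-output --arg name "$name" '
      .Reservations[].Instances[]
      | select((.Tags | length) > 0)
      | select(.Tags[].Value | test($name + "-privateagent"))
      | select(.State.Name | test("running"))
      | [.InstanceId, .Placement.AvailabilityZone]
      | "\(.[0]) \(.[1])"' \
  | while read -r instance zone; do
      # NOTE(review): the volume is created without --encrypted, so whether it
      # is encrypted at rest depends on the account default; confirm for any
      # environment that holds real data.
      # The tag key is the literal word "string"; detach-and-delete-volumes.sh
      # selects volumes by the value of their first tag.
      volume=$(aws --region="$region" ec2 create-volume --size=100 --availability-zone="$zone" --tag-specifications="ResourceType=volume,Tags=[{Key=string,Value=$name}]" | jq --raw-output .VolumeId)
      if [ -z "$volume" ] || [ "$volume" = null ]; then
        echo "Could not create a volume in $zone for $instance; skipping" >&2
        continue
      fi
      # Give the new volume time to become available before attaching it.
      sleep 10
      aws --region="$region" ec2 attach-volume --device=/dev/xvdf --instance-id="$instance" --volume-id="$volume"
    done
--------------------------------------------------------------------------------
/scripts/create-csi-iam-policy.sh:
--------------------------------------------------------------------------------
# Attach the inline policy "CSI" to the role dcos-<CLUSTER>-instance_role.
# Environment: CLUSTER, REGION.
# Usage: create-csi-iam-policy.sh <maws-profile>
# The policy document is read from csi-iam-policy.json in the current
# directory, so run this from the directory that holds that file.
# NOTE(review): the csi-iam-policy.json shipped with this repository allows
# its ec2 volume, snapshot and tag actions on "Resource": "*"; narrow it with
# resource or tag conditions outside a disposable training account.
name="${CLUSTER:?CLUSTER must be set}"
region="${REGION:?REGION must be set}"
maws=$1
# NOTE(review): eval runs whatever `maws login` prints as shell code.
eval $(maws login ${maws})

aws --region="$region" iam put-role-policy --role-name "dcos-${name}-instance_role" --policy-name CSI --policy-document file://csi-iam-policy.json
--------------------------------------------------------------------------------
/scripts/create-service-account.sh:
--------------------------------------------------------------------------------
# (Re)create the DC/OS service account ${SERVICEACCOUNT} and store its private
# key as the secret /${SERVICEPATH}/private-${SERVICEACCOUNT}.
# Environment: SERVICEACCOUNT, SERVICEPATH (exported by the caller).
cd "$(dirname "$0")" || exit 1
: "${SERVICEACCOUNT:?SERVICEACCOUNT must be set}"
: "${SERVICEPATH:?SERVICEPATH must be set}"

# Newly created key files are readable by the current user only. This does not
# change the mode of files that already exist.
umask 077
# NOTE(review): private-${SERVICEACCOUNT}.pem stays in the scripts directory
# after the secret is created; remove it once it is no longer needed and keep
# *.pem out of version control.
dcos security org service-accounts keypair "private-${SERVICEACCOUNT}.pem" "public-${SERVICEACCOUNT}.pem"
if dcos security org service-accounts show "${SERVICEACCOUNT}" > /dev/null 2>&1; then
  echo "Deleting the existing service account"
  dcos security org service-accounts delete "${SERVICEACCOUNT}"
fi
dcos security org service-accounts create -p "public-${SERVICEACCOUNT}.pem" -d "/${SERVICEPATH}" "${SERVICEACCOUNT}"
# Count the listed secrets whose path contains the one about to be created.
test=$(dcos security secrets list / | grep -c -- "${SERVICEPATH}/private-${SERVICEACCOUNT}")
if [ "$test" -ne 0 ]; then
  echo "Deleting the existing secret"
  dcos security secrets delete "/${SERVICEPATH}/private-${SERVICEACCOUNT}"
fi
dcos security secrets create-sa-secret --strict "private-${SERVICEACCOUNT}.pem" "${SERVICEACCOUNT}" "/${SERVICEPATH}/private-${SERVICEACCOUNT}"
--------------------------------------------------------------------------------
/scripts/csi-driver-deployments-master.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/scripts/csi-driver-deployments-master.zip
--------------------------------------------------------------------------------
/scripts/deploy-dcos-monitoring.sh:
--------------------------------------------------------------------------------
# Create the service account and permissions for dcos-monitoring, then install
# the package with options-dcos-monitoring.json from this directory.
cd "$(dirname "$0")" || exit 1

# SERVICEACCOUNT and ROLE are derived from the service path: "/" becomes "-"
# for the account name and "__" for the role name.
export SERVICEPATH=infra/monitoring/dcos-monitoring
export SERVICEACCOUNT=$(echo "${SERVICEPATH}" | sed 's/\//-/g')
export ROLE=$(echo "${SERVICEPATH}" | sed 's/\//__/g')-role

# Both helpers read SERVICEPATH, SERVICEACCOUNT and ROLE from the environment.
./create-service-account.sh
./grant-permissions.sh

dcos package install dcos-monitoring --yes --options=options-dcos-monitoring.json --package-version=v1.2.0
--------------------------------------------------------------------------------
/scripts/deploy-kubernetes-mke.sh:
--------------------------------------------------------------------------------
# Recreate the "kubernetes" service account and its secret, grant it the Mesos
# permissions listed below, and install the kubernetes package.
# The options file is referenced as scripts/options-kubernetes-mke.json, so
# run this from the repository root.
# NOTE(review): private-kubernetes.pem is written to the current directory and
# left there; remove it after the secret has been created.

# Create the kubernetes service account
dcos security org service-accounts keypair private-kubernetes.pem public-kubernetes.pem
# The delete calls are not guarded; on a fresh cluster they presumably just
# report that the account or secret does not exist.
dcos security org service-accounts delete kubernetes
dcos security org service-accounts create -p public-kubernetes.pem -d kubernetes kubernetes
dcos security secrets delete /kubernetes/private-kubernetes
dcos security secrets create-sa-secret --strict private-kubernetes.pem kubernetes /kubernetes/private-kubernetes
dcos security org users grant kubernetes dcos:mesos:master:reservation:role:kubernetes-role create
dcos security org users grant kubernetes dcos:mesos:master:framework:role:kubernetes-role create
dcos security org users grant kubernetes dcos:mesos:master:task:user:nobody create

# Deploy kubernetes
dcos package install kubernetes --options=scripts/options-kubernetes-mke.json --yes --package-version=2.4.5-1.15.5
--------------------------------------------------------------------------------
/scripts/deploy-portworx.sh:
--------------------------------------------------------------------------------
# Recreate the Portworx service account and secret, grant the permissions the
# lab uses, create the "portworx" user and install the portworx package.
# The options file is referenced as scripts/options-portworx.json, so run this
# from the repository root.
path=infra/storage/portworx
serviceaccount=infra-storage-portworx

# NOTE(review): private-${serviceaccount}.pem is left in the current directory.
dcos security org service-accounts keypair "private-${serviceaccount}.pem" "public-${serviceaccount}.pem"
dcos security org service-accounts delete "${serviceaccount}"
dcos security org service-accounts create -p "public-${serviceaccount}.pem" -d "/${path}" "${serviceaccount}"
dcos security secrets delete "/${path}/private-${serviceaccount}"
dcos security secrets create-sa-secret --strict "private-${serviceaccount}.pem" "${serviceaccount}" "/${path}/private-${serviceaccount}"

# NOTE(review): this gives the service account full superuser rights on the
# cluster, so anything that can read its secret controls the cluster. Replace
# it with the specific permissions Portworx needs outside a throwaway lab.
dcos security org users grant "${serviceaccount}" dcos:superuser full

# Lets Marathon launch tasks as the root user.
dcos security org users grant dcos_marathon dcos:mesos:master:task:user:root create

# NOTE(review): the password used to be the fixed literal "password". It can
# now be supplied through PORTWORX_PASSWORD; the old value remains the default
# only so existing lab instructions keep working. Whether any other
# configuration expects the old value is not visible here; confirm before
# changing it, and always set a real password on a reachable cluster.
dcos security org users create -p "${PORTWORX_PASSWORD:-password}" portworx
# Quoted so the shell never expands the trailing "*" against local files.
dcos security org users grant portworx 'dcos:secrets:default:/infra/storage/portworx/secrets/*' full

dcos package install --yes portworx --options=scripts/options-portworx.json --package-version=1.3.5-2.0.3
--------------------------------------------------------------------------------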
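/scripts/detach-and-delete-volumes.sh:
--------------------------------------------------------------------------------
# Detach and delete the EBS volumes tagged for this cluster, then delete the
# unattached CSI volumes of the region.
#
# Required environment:
#   CLUSTER  value compared with the first tag of every volume
#   REGION   AWS region to operate in
#
# NOTE(review): every step here is irreversible. Volumes are selected by the
# value of their first tag only (.Tags[0].Value), whatever the key of that tag
# is, and the last loop is not scoped to CLUSTER at all. Run this only in an
# account and region reserved for the training.

# The account and role are hard-coded. Presumably maws prints the temporary
# credentials as shell assignments, which eval loads into this shell.
eval $(maws login 110465657741_Mesosphere-PowerUser)

# Refuse to run with an empty selector or region.
name=${CLUSTER:?CLUSTER must be set}
region=${REGION:?REGION must be set}

# Print the ids of the volumes whose first tag value equals $name. The name is
# handed to jq as data (--arg), so its content cannot change the filter.
cluster_volumes() {
  aws --region="$region" ec2 describe-volumes |
    jq --raw-output --arg name "$name" '.Volumes[] | select(.Tags[0].Value == $name) | .VolumeId'
}

cluster_volumes | while read -r volume; do
  instance=$(aws --region="$region" ec2 describe-volumes --volume-ids "$volume" | jq --raw-output '.Volumes[0].Attachments[0].InstanceId')
  # jq prints "null" for a volume without an attachment: nothing to detach.
  if [ -z "$instance" ] || [ "$instance" = "null" ]; then
    continue
  fi
  aws --region="$region" ec2 detach-volume --force --device=/dev/xvdb --instance-id="$instance" --volume-id="$volume"
done
# Give the detachments time to finish before deleting.
sleep 15
cluster_volumes | while read -r volume; do
  aws --region="$region" ec2 delete-volume --volume-id="$volume"
done

# Delete all the CSI volumes of this region that aren't in-use
aws --region="$region" ec2 describe-volumes | jq --raw-output '.Volumes[] | select(.Tags[0].Key == "CSIVolumeName" and .State == "available") | .VolumeId' | while read -r volume; do
  aws --region="$region" ec2 delete-volume --volume-id="$volume"
done
--------------------------------------------------------------------------------
/scripts/grant-permissions.sh:
--------------------------------------------------------------------------------
# Grant a service account the DC/OS permissions listed below.
#
# Required environment:
#   SERVICEACCOUNT  service account that receives the grants
#   SERVICEPATH     service path without a leading slash
#   ROLE            Mesos role used in the role-scoped grants
cd "$(dirname "$0")"

# An empty variable would widen a grant (the first rule would become
# "dcos:secrets:default://*"), so refuse to continue.
: "${SERVICEACCOUNT:?SERVICEACCOUNT must be set}"
: "${SERVICEPATH:?SERVICEPATH must be set}"
: "${ROLE:?ROLE must be set}"

# grant <resource> <action>
grant() {
  dcos security org users grant "${SERVICEACCOUNT}" "$1" "$2"
}

# Secrets below the service path. The resource is quoted so the shell never
# expands the trailing *.
grant "dcos:secrets:default:/${SERVICEPATH}/*" full
grant "dcos:secrets:list:default:/${SERVICEPATH}" full
# NOTE(review): ca:rw is write access to the CA endpoint behind Admin Router.
# Confirm that every service deployed with this script needs it.
grant dcos:adminrouter:ops:ca:rw full
grant dcos:adminrouter:ops:ca:ro full
# Mesos: register a framework, reserve resources and create volumes for the
# role; remove only the reservations and volumes made by this principal.
grant "dcos:mesos:master:framework:role:${ROLE}" create
grant "dcos:mesos:master:reservation:role:${ROLE}" create
grant "dcos:mesos:master:reservation:principal:${SERVICEACCOUNT}" delete
grant "dcos:mesos:master:volume:role:${ROLE}" create
grant "dcos:mesos:master:volume:principal:${SERVICEACCOUNT}" delete
# Tasks may run as the Linux user nobody only.
grant dcos:mesos:master:task:user:nobody create
-------------------------------------------------------------------------------- /scripts/options-dcos-monitoring.json: -------------------------------------------------------------------------------- 1 | { 2 | "service": { 3 | "name": "infra/monitoring/dcos-monitoring", 4 | "service_account": "infra-monitoring-dcos-monitoring", 5 | "service_account_secret": "/infra/monitoring/dcos-monitoring/private-infra-monitoring-dcos-monitoring" 6 | }, 7 | "prometheus": { 8 | "mem": 4096 9 | }, 10 | "pushgateway": { 11 | "enabled": true 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /scripts/options-edgelb.json: -------------------------------------------------------------------------------- 1 | { 2 | "service": { 3 | "name": "dcos-edgelb/api", 4 | "secretName": "dcos-edgelb/private-dcos-edgelb", 5 | "principal": "dcos-edgelb", 6 | "mesosProtocol": "https" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /scripts/options-kubernetes-cluster.json.template: -------------------------------------------------------------------------------- 1 | { 2 | "service": { 3 | "name": "training/prod/k8s/clusterTOBEREPLACED", 4 | "service_account": "training-prod-k8s-clusterTOBEREPLACED", 5 | "service_account_secret": "/training/prod/k8s/clusterTOBEREPLACED/private-training-prod-k8s-clusterTOBEREPLACED" 6 | }, 7 | "kubernetes": { 8 | "authorization_mode": "RBAC", 9 | "high_availability": false, 10 | "private_node_count": 2, 11 | "private_reserved_resources": { 12 | "kube_cpus": 4, 13 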
| "kube_mem": 4096 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /scripts/options-kubernetes-metrics-exporter.json.template: -------------------------------------------------------------------------------- 1 | { 2 | "service": { 3 | "name": "training/prod/k8s/clusterTOBEREPLACED", 4 | "service_account": "training-prod-k8s-clusterTOBEREPLACED", 5 | "service_account_secret": "/training/prod/k8s/clusterTOBEREPLACED/private-training-prod-k8s-clusterTOBEREPLACED" 6 | }, 7 | "kubernetes": { 8 | "authorization_mode": "RBAC", 9 | "high_availability": false, 10 | "private_node_count": 3, 11 | "private_reserved_resources": { 12 | "kube_cpus": 4, 13 | "kube_mem": 4096 14 | }, 15 | "metrics_exporter": { 16 | "enabled": true 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /scripts/options-kubernetes-mke.json: -------------------------------------------------------------------------------- 1 | { 2 | "service": { 3 | "service_account": "kubernetes", 4 | "service_account_secret": "/kubernetes/private-kubernetes" 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /scripts/options-kubernetes-update-cluster.json.template: -------------------------------------------------------------------------------- 1 | { 2 | "service": { 3 | "name": "training/prod/k8s/clusterTOBEREPLACED", 4 | "service_account": "training-prod-k8s-clusterTOBEREPLACED", 5 | "service_account_secret": "/training/prod/k8s/clusterTOBEREPLACED/private-training-prod-k8s-clusterTOBEREPLACED" 6 | }, 7 | "kubernetes": { 8 | "authorization_mode": "RBAC", 9 | "high_availability": false, 10 | "private_node_count": 2, 11 | "private_reserved_resources": { 12 | "kube_cpus": 4, 13 | "kube_mem": 4096 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /scripts/options-portworx.json.template: 
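-------------------------------------------------------------------------------- 1 | { 2 | "service": { 3 | "name": "infra/storage/portworx", 4 | "user": "root", 5 | "principal": "infra-storage-portworx", 6 | "secret_name": "/infra/storage/portworx/private-infra-storage-portworx" 7 | }, 8 | "node": { 9 | "count": NODES 10 | }, 11 | "etcd": { 12 | "enabled": true 13 | }, 14 | "lighthouse": { 15 | "enabled": true, 16 | "public_agent": false 17 | } 18 | } 19 |
--------------------------------------------------------------------------------
/scripts/setup_cli.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Attach the local DC/OS CLI to a cluster and install the Enterprise CLI,
# retrying until `dcos cluster list` reports a cluster as AVAILABLE.
#
# Usage: setup_cli.sh <cluster-url>
#
# Optional environment (defaults are the values this lab used before):
#   DCOS_BOOTSTRAP_USERNAME  login user      (default: bootstrapuser)
#   DCOS_BOOTSTRAP_PASSWORD  login password  (default: deleteme)
#
# NOTE(review): --insecure and core.ssl_verify=false switch off certificate
# verification for the setup call and for every later CLI call, so the
# password and the resulting auth token go to whichever host answers at
# <cluster-url>. That is acceptable only for a throwaway lab cluster; anywhere
# else pass the cluster CA with --ca-certs and leave core.ssl_verify on.
# The default credentials are published with this repository: change or
# remove that account once the cluster is up. --password also shows the value
# in the process list; `dcos cluster setup` offers --password-env and
# --password-file to avoid that.

username="${DCOS_BOOTSTRAP_USERNAME:-bootstrapuser}"
password="${DCOS_BOOTSTRAP_PASSWORD:-deleteme}"

OUTPUT=1
while [ "$OUTPUT" != 0 ]; do

  # -w matches AVAILABLE as a whole word, so a status such as UNAVAILABLE
  # does not end the loop.
  if dcos cluster list | grep -qw "AVAILABLE"; then
    OUTPUT=0
  else
    # Without a URL the setup call can never succeed and the loop would spin
    # forever.
    if [ -z "$1" ]; then
      echo "Usage: $0 <cluster-url>" >&2
      exit 1
    fi
    echo
    echo "**** Running command: dcos cluster setup"
    #echo
    dcos cluster setup "$1" --insecure --username="${username}" --password="${password}"
    echo
    echo "**** Installing enterprise CLI"
    echo
    dcos package install dcos-enterprise-cli --yes
    echo
    echo "**** Setting core.ssl_verify to false"
    echo
    dcos config set core.ssl_verify false
    # Short pause between attempts while the cluster is still starting.
    sleep 2
  fi
done
--------------------------------------------------------------------------------
/student/create-service-account.sh:
--------------------------------------------------------------------------------
# (Re)create a DC/OS service account and store its private key as a secret.
#
# Required environment:
#   SERVICEACCOUNT  name of the service account to create
#   SERVICEPATH     service path without a leading slash; the secret is stored
#                   at /${SERVICEPATH}/private-${SERVICEACCOUNT}
#
# The key pair is written to private-${SERVICEACCOUNT}.pem and
# public-${SERVICEACCOUNT}.pem in the directory of this script.
# NOTE(review): the private key file stays on disk after it has been stored
# as a secret. Delete it once the lab no longer needs the file.
cd "$(dirname "$0")"

# With an empty variable the account, the key files and the secret path would
# all get truncated names, so refuse to continue.
: "${SERVICEACCOUNT:?SERVICEACCOUNT must be set}"
: "${SERVICEPATH:?SERVICEPATH must be set}"

secret_path="${SERVICEPATH}/private-${SERVICEACCOUNT}"

# Create the key files readable by the current user only.
umask 077
dcos security org service-accounts keypair "private-${SERVICEACCOUNT}.pem" "public-${SERVICEACCOUNT}.pem"

# Replace an account left over from an earlier run.
if dcos security org service-accounts show "${SERVICEACCOUNT}" > /dev/null 2>&1; then
  echo "Deleting the existing service account"
  dcos security org service-accounts delete "${SERVICEACCOUNT}"
fi
dcos security org service-accounts create -p "public-${SERVICEACCOUNT}.pem" -d "/${SERVICEPATH}" "${SERVICEACCOUNT}"

# Replace a secret left over from an earlier run. -F compares the path as a
# literal string instead of treating it as a regular expression.
if dcos security secrets list / | grep -qF -- "${secret_path}"; then
  echo "Deleting the existing secret"
  dcos security secrets delete "/${secret_path}"
fi
dcos security secrets create-sa-secret --strict "private-${SERVICEACCOUNT}.pem" "${SERVICEACCOUNT}" "/${secret_path}"
--------------------------------------------------------------------------------
/student/csi-driver-deployments-master.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/student/csi-driver-deployments-master.zip
--------------------------------------------------------------------------------
/student/grant-permissions.sh:
--------------------------------------------------------------------------------
# Grant a service account the DC/OS permissions listed below.
#
# Required environment:
#   SERVICEACCOUNT  service account that receives the grants
#   SERVICEPATH     service path without a leading slash
#   ROLE            Mesos role used in the role-scoped grants
cd "$(dirname "$0")"

# An empty variable would widen a grant (the first rule would become
# "dcos:secrets:default://*"), so refuse to continue.
: "${SERVICEACCOUNT:?SERVICEACCOUNT must be set}"
: "${SERVICEPATH:?SERVICEPATH must be set}"
: "${ROLE:?ROLE must be set}"

# grant <resource> <action>
grant() {
  dcos security org users grant "${SERVICEACCOUNT}" "$1" "$2"
}

# Secrets below the service path. The resource is quoted so the shell never
# expands the trailing *.
grant "dcos:secrets:default:/${SERVICEPATH}/*" full
grant "dcos:secrets:list:default:/${SERVICEPATH}" full
# NOTE(review): ca:rw is write access to the CA endpoint behind Admin Router.
# Confirm that every service deployed with this script needs it.
grant dcos:adminrouter:ops:ca:rw full
grant dcos:adminrouter:ops:ca:ro full
# Mesos: register a framework, reserve resources and create volumes for the
# role; remove only the reservations and volumes made by this principal.
grant "dcos:mesos:master:framework:role:${ROLE}" create
grant "dcos:mesos:master:reservation:role:${ROLE}" create
grant "dcos:mesos:master:reservation:principal:${SERVICEACCOUNT}" delete
grant "dcos:mesos:master:volume:role:${ROLE}" create
grant "dcos:mesos:master:volume:principal:${SERVICEACCOUNT}" delete
# Tasks may run as the Linux user nobody only.
grant dcos:mesos:master:task:user:nobody create
-------------------------------------------------------------------------------- /student/istio-1.2.2/bin/istioctl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/student/istio-1.2.2/bin/istioctl -------------------------------------------------------------------------------- /student/istio-1.2.2/install/consul/README.md: -------------------------------------------------------------------------------- 1 | # Install Istio with Consul in a simple Docker Compose setup 2 | 3 | Please follow the installation instructions from [istio.io](https://istio.io/docs/setup/consul/). 4 | 5 | The install file `istio.yaml` deploys Istio Pilot, Consul, Registrator, and 6 | the Istio API server with etcd as Docker containers. 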
7 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/consul/consul_config/agent-loglevel.json: -------------------------------------------------------------------------------- 1 | { 2 | "log_level": "INFO" 3 | } -------------------------------------------------------------------------------- /student/istio-1.2.2/install/consul/consul_config/agent.json: -------------------------------------------------------------------------------- 1 | { 2 | "client_addr": "0.0.0.0", 3 | "leave_on_terminate": true, 4 | "dns_config": { 5 | "allow_stale": true, 6 | "max_stale": "1s" 7 | } 8 | } -------------------------------------------------------------------------------- /student/istio-1.2.2/install/consul/consul_config/disable_update_check.json: -------------------------------------------------------------------------------- 1 | { 2 | "disable_update_check": true 3 | } -------------------------------------------------------------------------------- /student/istio-1.2.2/install/consul/consul_config/server.json: -------------------------------------------------------------------------------- 1 | { 2 | "ui": true, 3 | "dns_config": { 4 | "allow_stale": false 5 | } 6 | } -------------------------------------------------------------------------------- /student/istio-1.2.2/install/consul/kubeconfig: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | clusters: 3 | - cluster: 4 | server: http://istio-apiserver:8080 5 | name: istio 6 | contexts: 7 | - context: 8 | cluster: istio 9 | user: "" 10 | name: istio 11 | current-context: istio -------------------------------------------------------------------------------- /student/istio-1.2.2/install/gcp/README.md: -------------------------------------------------------------------------------- 1 | # Google Cloud Platform Installation 2 | 3 | This directory contains contributed solutions for installing Istio that are 4 | specific to 
Google Cloud Platform. 5 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/gcp/deployment_manager/istio-cluster.yaml: -------------------------------------------------------------------------------- 1 | 2 | imports: 3 | - path: istio-cluster.jinja 4 | 5 | resources: 6 | - name: my-cluster 7 | type: istio-cluster.jinja 8 | properties: 9 | gkeClusterName: istio-cluster 10 | zone: us-central1-a 11 | initialNodeCount: 4 12 | instanceType: n1-standard-1 13 | enableAutomaticSidecarInjection: true 14 | enableMutualTLS: true 15 | enablePrometheus: true 16 | enableGrafana: true 17 | enableTracing: true 18 | enableBookInfoSample: true 19 | installIstioRelease: 1.0.0 20 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/README.md: -------------------------------------------------------------------------------- 1 | # Install Istio on an existing Kubernetes cluster 2 | 3 | Please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/quick-start.html). 4 | 5 | If you prefer to install Istio by checking out the [istio/istio](https://github.com/istio/istio) repository, you can run `updateVersion.sh` 6 | in the parent directory to generate the required installation files. 7 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/README.md: -------------------------------------------------------------------------------- 1 | # Installation using Ansible 2 | 3 | Please follow the installation instructions from [istio.io](https://preliminary.istio.io/docs/setup/kubernetes/ansible-install.html). 
4 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | #Needed to be able to override selected variables from the command line 3 | hash_behaviour=merge
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/ansible/istio/defaults/main.yml:
--------------------------------------------------------------------------------
---

# Default variables of the istio role.

# Whether the cluster is an Openshift (ocp) or upstream Kubernetes (k8s) cluster
cluster_flavour: ocp

istio:

  # Install istio with or without istio-auth module
  auth: false

  # A set of add-ons to install, for example kiali
  addon: []

  # The names of the samples that should be installed as well.
  # The available samples are in the istio_simple_samples variable
  # In addition to the values in istio_simple_samples, 'bookinfo' can also be specified
  samples: []

  # Whether or not to open apps in the browser
  open_apps: false

  # Whether to delete resources that might exist from previous Istio installations
  delete_resources: false


# Credentials written into the "kiali" Secret defined below.
# NOTE(review): admin/admin is a publicly known default. Override
# kiali.username and kiali.password when running the playbook; the ansible.cfg
# next to the playbook sets hash_behaviour=merge so that selected variables
# can be overridden from the command line.
kiali:
  username: admin
  password: admin

# Secret manifest built from the kiali values above.
# b64encode only puts the values in the encoding the Secret "data" field
# uses; it is not encryption.
secret:
  apiVersion: v1
  kind: Secret
  metadata:
    name: kiali
    namespace: istio-system
    labels:
      app: kiali
  type: Opaque
  data:
    username: "{{ kiali.username | b64encode}}"
    passphrase: "{{ kiali.password | b64encode}}"

-------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: [] --------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/add_to_path.yml: -------------------------------------------------------------------------------- 1 | - name: Set istio dir 2 | set_fact: 3 | istio_dir: "{{ istio_k8s_dir | dirname | dirname }}" 4 | 5 | - name: Add Istio to PATH 6 | shell: | 7 | ISTIO_BIN_DIR=$(cd {{ istio_dir }}/bin; pwd) 8 | echo "########################################################################################" 9 | echo "Execute this command within your terminal to include the bin direcrtory of the istioctl client !" 10 | echo export PATH='$'PATH:$ISTIO_BIN_DIR 11 | echo "Then, you will be able within your shell to call the istioctl client" 12 | echo "istioctl [command]" 13 | echo "########################################################################################" 14 | register: r 15 | 16 | - debug: msg="{{ r.stdout.split('\n') }}" 17 | 18 | # PATH=$PATH:$ISTIO_BIN_DIR; export PATH 19 | 20 | # shell: ISTIO_BIN_DIR=$(cd {{ istio_dir }}/bin; pwd) | echo $ISTIO_BIN_DIR 21 | # register: r 22 | 23 | # - debug: var=r 24 | # 25 | # - lineinfile: 26 | # path: ms 27 | # regexp: '.istio-{{ istio.istio_version_to_use }}' 28 | # line: "\n# Istio\nexport PATH=$PATH:{{ r.stdout }}" 29 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/assert_oc_admin.yml: -------------------------------------------------------------------------------- 1 | - name: Find users that have the admin role 2 | shell: | 3 | {{ cmd_path }} get ClusterRoleBinding cluster-admin -o 'jsonpath={.subjects[*].name}' 2> /dev/null 4 | register: ro 5 | ignore_errors: true 6 | 7 | - name: Get current logged in user 8 | command: "{{ cmd_path }} whoami" 9 | register: uo 10 | ignore_errors: true 11 | 12 | - assert: 13 | that: 14 | - ro.rc == 0 15 | - uo.rc == 0 16 | - uo.stdout in ro.stdout 17 | msg: "Make sure you use 'oc login' with a user that is an admin before running the playbook" 
18 | 19 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/bookinfo_cmd.j2: -------------------------------------------------------------------------------- 1 | {% if cluster_flavour == 'ocp' %} 2 | {{ cmd_path }} adm policy add-scc-to-user privileged -z default -n {{ sample_namespace }} 3 | {% endif %} 4 | {{ cmd_path }} apply -n {{ sample_namespace }} -f <({{ istio_dir }}/bin/istioctl kube-inject -f {{ istio_dir }}/samples/bookinfo/platform/kube/bookinfo.yaml) 5 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/change_scc.yml: -------------------------------------------------------------------------------- 1 | # Openshift by default does not allow containers running with UID 0. Enable containers running with UID 0 for Istio’s service accounts 2 | - name: Define SCC rules to enable containers running with UID zero for Istio service accounts 3 | shell: "{{ cmd_path }} adm policy add-scc-to-user anyuid -z {{ item }} -n {{ istio_namespace }}" 4 | with_items: 5 | - istio-ingressgateway-service-account 6 | - istio-egressgateway-service-account 7 | - istio-pilot-service-account 8 | - istio-mixer-service-account 9 | - istio-mixer-post-install-account 10 | - istio-ca-service-account 11 | - istio-sidecar-injector-service-account 12 | - istio-citadel-service-account 13 | - istio-galley-service-account 14 | - istio-cleanup-old-ca-service-account 15 | - prometheus 16 | - default 17 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/create_namespace_free_definition_file.yml: -------------------------------------------------------------------------------- 1 | - name: Create temp directory that will the modified definition file 2 | command: mktemp -d -t ansible.XXXXXXXXXX 3 | register: temp_output 4 | 5 | - 
name: Define var containing copied definition file 6 | set_fact: 7 | istio_copied_definition_file_full_path: "{{ temp_output.stdout }}/def.yml" 8 | 9 | - name: Copy definition file 10 | command: "cp {{ istio_definition_full_path }} {{ istio_copied_definition_file_full_path }}" 11 | 12 | - name: Remove lines corresponding to namespace 13 | replace: 14 | path: "{{ istio_copied_definition_file_full_path }}" 15 | regexp: '^\s*apiVersion: v1\s*\n+\s*kind: Namespace\s*\n+\s*metadata:\s*\n+\s*name: {{ istio_namespace }}\s*$' 16 | replace: '' 17 | 18 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/install_on_cluster.yml: -------------------------------------------------------------------------------- 1 | - name: Get istio k8s install path 2 | set_fact: 3 | istio_k8s_dir: "{{ playbook_dir | dirname }}" 4 | 5 | - name: Set istio definition pull path 6 | import_tasks: set_istio_distro_vars.yml 7 | 8 | - name: Add istio bin dir to PATH 9 | import_tasks: add_to_path.yml 10 | 11 | - include_tasks: safely_create_namespace.yml 12 | vars: 13 | ns_name: 'istio-system' 14 | 15 | - name: Create Kiali Secret 16 | shell: "echo \"{{ secret | to_yaml }}\" | {{cmd_path}} create -f - " 17 | 18 | - name: Deploy Istio from kubernetes file 19 | shell: "{{ cmd_path }} create -f {{ istio_definition_full_path }}" 20 | ignore_errors: true 21 | 22 | - name: Create Routes in Openshift 23 | shell: "{{cmd_path}} expose svc {{item}} -n istio-system" 24 | with_items: 25 | - istio-ingressgateway 26 | - prometheus 27 | - grafana 28 | - kiali 29 | when: "cluster_flavour == 'ocp'" 30 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/install_samples.yml: -------------------------------------------------------------------------------- 1 | - name: Find samples that don't require special handling 2 | set_fact: 3 | 
selected_simple_samples: "{{ istio.samples | difference('bookinfo') }}" 4 | 5 | - include_tasks: safely_create_namespace.yml 6 | vars: 7 | ns_name: samples 8 | when: "selected_simple_samples | length > 0" 9 | 10 | - name: Install sample 11 | include_tasks: install_sample.yml 12 | vars: 13 | sample_cmd_template: simple_sample_cmd.j2 14 | sample_path: "{{ item.path }}" 15 | sample_namespace: samples 16 | with_items: "{{ istio_simple_samples }}" 17 | when: "item.name in selected_simple_samples" 18 | 19 | - set_fact: 20 | bookinfo_selected: "{{ 'bookinfo' in istio.samples }}" 21 | 22 | - include_tasks: safely_create_namespace.yml 23 | vars: 24 | ns_name: bookinfo 25 | when: bookinfo_selected == true 26 | 27 | - name: Install bookinfo 28 | include_tasks: install_sample.yml 29 | vars: 30 | sample_cmd_template: bookinfo_cmd.j2 31 | sample_path: bookinfo/platform/kube/bookinfo.yaml 32 | sample_namespace: bookinfo 33 | when: bookinfo_selected == true 34 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include_tasks: set_appropriate_cmd_path.yml 4 | when: cmd_path is not defined 5 | 6 | - name: Extract server version 7 | shell: | 8 | {{ cmd_path }} version | sed -En "{{'s/kubernetes.*v([[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+).*/\1/p' if cluster_flavour == 'ocp' else 's/Server Version.*GitVersion.*v([[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+).*/\1/p'}}" | tail -1 9 | register: vo 10 | 11 | - assert: 12 | that: 13 | - "vo.stdout is version_compare(minimum_cluster_version,'>=')" 14 | msg: "Cluster version must be at least {{ minimum_cluster_version }}" 15 | 16 | - include_tasks: set_istio_path.yml 17 | 18 | - include_tasks: delete_resources.yml 19 | when: istio.delete_resources == true 20 | 21 | - include_tasks: install_on_cluster.yml 22 | 23 | - include_tasks: change_scc.yml 24 
| when: cluster_flavour == 'ocp' 25 | 26 | - include_tasks: install_samples.yml 27 | when: (istio.samples is defined) and (istio.samples is iterable) and (istio.samples | length > 0) 28 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/safely_create_namespace.yml: -------------------------------------------------------------------------------- 1 | # Create a namespace if it doesn't exist 2 | # The name of the namespace to create is given in variable ns_name 3 | 4 | - name: Check if namespace exists 5 | shell: "{{ cmd_path }} get namespace/{{ ns_name }}" 6 | ignore_errors: true 7 | register: r 8 | 9 | - name: Create namespace {{ ns_name }} 10 | shell: "{{ cmd_path }} create namespace {{ ns_name }}" 11 | when: 12 | - r.stderr != "" 13 | - r.stderr.find("NotFound") != -1 -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/set_appropriate_cmd_path.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assume that command is already on the PATH 4 | set_fact: 5 | cmd_path: "{{'oc' if cluster_flavour == 'ocp' else 'kubectl' }}" 6 | when: cmd_path is not defined -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/set_istio_distro_vars.yml: -------------------------------------------------------------------------------- 1 | - name: Define var containing Istio definition file name 2 | set_fact: 3 | istio_definition_file_name: "{{'istio-demo-auth.yaml' if istio.auth == true else 'istio-demo.yaml'}}" 4 | 5 | - name: Define var containing Istio definition file full path 6 | set_fact: 7 | istio_definition_full_path: "{{ istio_k8s_dir }}/{{ istio_definition_file_name }}" 8 | 9 | - name: Show the full path of the definition file to be used 10 | debug: 11 | msg: 
"Using the following file to install Istio onto Kubernetes {{ istio_definition_full_path }}" 12 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/set_istio_path.yml: -------------------------------------------------------------------------------- 1 | - name: Get istio k8s install path 2 | set_fact: 3 | istio_k8s_dir: "{{ playbook_dir | dirname }}" 4 | 5 | - name: Set istio definition pull path 6 | import_tasks: set_istio_distro_vars.yml 7 | 8 | - name: Add istio bin dir to PATH 9 | import_tasks: add_to_path.yml 10 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/tasks/simple_sample_cmd.j2: -------------------------------------------------------------------------------- 1 | {% if cluster_flavour == 'ocp' %} 2 | {{ cmd_path }} adm policy add-scc-to-user privileged -z default -n {{ sample_namespace }} 3 | {% endif %} 4 | {{ cmd_path }} apply -n {{ sample_namespace }} -f <({{ istio_dir }}/bin/istioctl kube-inject -f {{ istio_dir }}/samples/{{ sample_path }}) -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/istio/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | minimum_cluster_version: 1.9.0 3 | 4 | istio_namespace: istio-system 5 | 6 | istio_simple_samples: 7 | - name: helloworld 8 | path: helloworld/helloworld.yaml 9 | - name: httpbin 10 | path: httpbin/httpbin.yaml 11 | - name: sleep 12 | path: sleep/sleep.yaml 13 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/ansible/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | gather_facts: true 4 | 5 | pre_tasks: 6 | # We require Ansible 2.4 or newer 7 | - name: 
Check Ansible version 8 | assert: 9 | that: '(ansible_version.major, ansible_version.minor, ansible_version.revision) >= (2, 4, 0)' 10 | msg: 'Please install the recommended version 2.4+. You have Ansible {{ ansible_version.string }}.' 11 | run_once: yes 12 | 13 | - name: Playbook runs correctly only on Linux or Mac OSX 14 | assert: 15 | that: 'ansible_system == "Linux" or ansible_os_family == "Darwin"' 16 | msg: 'The playbook can only be run on Linux or Mac OSX systems' 17 | run_once: yes 18 | 19 | roles: 20 | - istio -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/global-default-sidecar-scope.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: istio-config 5 | --- 6 | apiVersion: networking.istio.io/v1alpha3 7 | kind: Sidecar 8 | metadata: 9 | name: default-sidecar-scope 10 | namespace: istio-config 11 | spec: 12 | egress: 13 | # If this config is applied, sidecars will only be able to talk to 14 | # other services in the same namespace, in addition to istio-telemetry 15 | # and istio-policy 16 | - hosts: 17 | - "./*" 18 | - "istio-system/istio-telemetry.istio-system.svc.cluster.local" 19 | - "istio-system/istio-policy.istio-system.svc.cluster.local" 20 | --- 21 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/README.md: -------------------------------------------------------------------------------- 1 | # Installation using Helm 2 | 3 | Please follow the installation instructions from [istio.io](https://istio.io/docs/setup/kubernetes/install/helm/). 4 | 5 | # Development 6 | 7 | Future development for the installer is taking place on [istio/installer](https://github.com/istio/installer). Please add new features to this repository, as only bug fixes will be allowed here. 
-------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/helm-service-account.yaml: -------------------------------------------------------------------------------- 1 | # Create a service account for Helm and grant the cluster admin role. 2 | # It is assumed that helm should be installed with this service account 3 | # (tiller). NOTE(review): the ClusterRoleBinding below is cluster-wide, so whatever runs as this account can read and change every resource in every namespace, Secrets included. That is workable on a disposable lab cluster; on a shared cluster bind the account to a namespaced Role instead. 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: tiller 8 | namespace: kube-system 9 | --- 10 | apiVersion: rbac.authorization.k8s.io/v1 11 | kind: ClusterRoleBinding 12 | metadata: 13 | name: tiller 14 | roleRef: 15 | apiGroup: rbac.authorization.k8s.io 16 | kind: ClusterRole 17 | name: cluster-admin # built-in role: all verbs on all resources 18 | subjects: 19 | - kind: ServiceAccount 20 | name: tiller 21 | namespace: kube-system 22 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-cni/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-cni 3 | version: 0.1.0 4 | appVersion: 0.1.0 5 | tillerVersion: ">=2.7.2-0" 6 | description: Helm chart for istio-cni components 7 | keywords: 8 | - istio-cni 9 | - istio 10 | sources: 11 | - http://github.com/istio/cni 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-cni/templates/_labels.tpl: -------------------------------------------------------------------------------- 1 | {{- define "common_labels" }} 2 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 3 | release: {{ .Release.Name }} 4 | version: {{ .Chart.Version }} 5 | heritage: {{ .Release.Service }} 6 | {{- end }} 7 | 8 | {{- define "common_template_labels" }} 9 | version: {{ .Chart.Version }} 10 | {{- end }} 11 | 
-------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-cni/values.yaml: -------------------------------------------------------------------------------- 1 | hub: docker.io/istio 2 | tag: 1.2.2 3 | pullPolicy: Always 4 | 5 | logLevel: info 6 | 7 | # Configuration file to insert istio-cni plugin configuration 8 | # by default this will be the first file found in the cni-conf-dir 9 | # Example 10 | # cniConfFileName: 10-calico.conflist 11 | 12 | # CNI bin and conf dir override settings 13 | # defaults: 14 | cniBinDir: /opt/cni/bin 15 | cniConfDir: /etc/cni/net.d 16 | 17 | excludeNamespaces: 18 | - istio-system 19 | 20 | 21 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-cni/values_gke.yaml: -------------------------------------------------------------------------------- 1 | hub: gcr.io/istio-release 2 | tag: release-1.2-latest-daily # NOTE(review): looks like a moving daily-build tag, unlike the fixed 1.2.2 in values.yaml; with pullPolicy Always the image content can change between pod restarts. Pin a release tag or an image digest where a reproducible, reviewed image matters. 3 | pullPolicy: Always 4 | 5 | logLevel: info 6 | 7 | # Configuration file to insert istio-cni plugin configuration 8 | # by default this will be the first file found in the cni-conf-dir 9 | # Example 10 | # cniConfFileName: 10-calico.conflist 11 | 12 | # CNI bin and conf dir override settings 13 | # defaults: 14 | cniBinDir: /home/kubernetes/bin 15 | cniConfDir: /etc/cni/net.d 16 | 17 | excludeNamespaces: 18 | - istio-system 19 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-init 3 | version: 1.2.2 4 | appVersion: 1.2.2 5 | tillerVersion: ">=2.7.2-0" 6 | description: Helm chart to initialize Istio CRDs 7 | keywords: 8 | - istio 9 | - crd 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 
14 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/files/crd-11.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: sidecars.networking.istio.io 5 | labels: 6 | app: istio-pilot 7 | chart: istio 8 | heritage: Tiller 9 | release: istio 10 | annotations: 11 | "helm.sh/resource-policy": keep 12 | spec: 13 | group: networking.istio.io 14 | names: 15 | kind: Sidecar 16 | plural: sidecars 17 | singular: sidecar 18 | categories: 19 | - istio-io 20 | - networking-istio-io 21 | scope: Namespaced 22 | version: v1alpha3 23 | --- 24 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/files/crd-12.yaml: -------------------------------------------------------------------------------- 1 | kind: CustomResourceDefinition 2 | apiVersion: apiextensions.k8s.io/v1beta1 3 | metadata: 4 | name: authorizationpolicies.rbac.istio.io 5 | labels: 6 | app: istio-pilot 7 | istio: rbac 8 | heritage: Tiller 9 | release: istio 10 | spec: 11 | group: rbac.istio.io 12 | names: 13 | kind: AuthorizationPolicy 14 | plural: authorizationpolicies 15 | singular: authorizationpolicy 16 | categories: 17 | - istio-io 18 | - rbac-istio-io 19 | scope: Namespaced 20 | version: v1alpha1 21 | --- 22 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istio-init-{{ .Release.Namespace }} 5 | labels: 6 | app: istio-init 7 | istio: init 8 | rules: 9 | - apiGroups: ["apiextensions.k8s.io"] 10 | resources: 
["customresourcedefinitions"] 11 | verbs: ["create", "get", "list", "watch", "patch"] 12 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-init-admin-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | app: istio-init 7 | istio: init 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: istio-init-{{ .Release.Namespace }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: istio-init-service-account 15 | namespace: {{ .Release.Namespace }} 16 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/configmap-crd-10.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | namespace: {{ .Release.Namespace }} 5 | name: istio-crd-10 6 | data: 7 | crd-10.yaml: |- 8 | {{.Files.Get "files/crd-10.yaml" | printf "%s" | indent 4}} 9 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/configmap-crd-11.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | namespace: {{ .Release.Namespace }} 5 | name: istio-crd-11 6 | data: 7 | crd-11.yaml: |- 8 | {{.Files.Get "files/crd-11.yaml" | printf "%s" | indent 4}} 9 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/configmap-crd-12.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | 
kind: ConfigMap 3 | metadata: 4 | namespace: {{ .Release.Namespace }} 5 | name: istio-crd-12 6 | data: 7 | crd-12.yaml: |- 8 | {{.Files.Get "files/crd-12.yaml" | printf "%s" | indent 4}} 9 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/configmap-crd-certmanager-10.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.certmanager.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | namespace: {{ .Release.Namespace }} 6 | name: istio-crd-certmanager-10 7 | data: 8 | crd-certmanager-10.yaml: |- 9 | {{.Files.Get "files/crd-certmanager-10.yaml" | printf "%s" | indent 4}} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/configmap-crd-certmanager-11.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.certmanager.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | namespace: {{ .Release.Namespace }} 6 | name: istio-crd-certmanager-11 7 | data: 8 | crd-certmanager-11.yaml: |- 9 | {{.Files.Get "files/crd-certmanager-11.yaml" | printf "%s" | indent 4}} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/job-crd-10.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | namespace: {{ .Release.Namespace }} 5 | name: istio-init-crd-10 6 | spec: 7 | template: 8 | metadata: 9 | annotations: 10 | sidecar.istio.io/inject: "false" 11 | spec: 12 | serviceAccountName: istio-init-service-account 13 | containers: 14 | - name: istio-init-crd-10 15 | image: "{{ .Values.global.hub }}/kubectl:{{ .Values.global.tag }}" 16 | imagePullPolicy: 
{{ .Values.global.imagePullPolicy }} 17 | volumeMounts: 18 | - name: crd-10 19 | mountPath: /etc/istio/crd-10 20 | readOnly: true 21 | command: ["kubectl", "apply", "-f", "/etc/istio/crd-10/crd-10.yaml"] 22 | volumes: 23 | - name: crd-10 24 | configMap: 25 | name: istio-crd-10 26 | restartPolicy: OnFailure 27 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/job-crd-11.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | namespace: {{ .Release.Namespace }} 5 | name: istio-init-crd-11 6 | spec: 7 | template: 8 | metadata: 9 | annotations: 10 | sidecar.istio.io/inject: "false" 11 | spec: 12 | serviceAccountName: istio-init-service-account 13 | containers: 14 | - name: istio-init-crd-11 15 | image: "{{ .Values.global.hub }}/kubectl:{{ .Values.global.tag }}" 16 | imagePullPolicy: {{ .Values.global.imagePullPolicy }} 17 | volumeMounts: 18 | - name: crd-11 19 | mountPath: /etc/istio/crd-11 20 | readOnly: true 21 | command: ["kubectl", "apply", "-f", "/etc/istio/crd-11/crd-11.yaml"] 22 | volumes: 23 | - name: crd-11 24 | configMap: 25 | name: istio-crd-11 26 | restartPolicy: OnFailure 27 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/job-crd-12.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | namespace: {{ .Release.Namespace }} 5 | name: istio-init-crd-12 6 | spec: 7 | template: 8 | metadata: 9 | annotations: 10 | sidecar.istio.io/inject: "false" 11 | spec: 12 | serviceAccountName: istio-init-service-account 13 | containers: 14 | - name: istio-init-crd-12 15 | image: "{{ .Values.global.hub }}/kubectl:{{ .Values.global.tag }}" 16 | imagePullPolicy: {{ .Values.global.imagePullPolicy }} 17 | 
volumeMounts: 18 | - name: crd-12 19 | mountPath: /etc/istio/crd-12 20 | readOnly: true 21 | command: ["kubectl", "apply", "-f", "/etc/istio/crd-12/crd-12.yaml"] 22 | volumes: 23 | - name: crd-12 24 | configMap: 25 | name: istio-crd-12 26 | restartPolicy: OnFailure 27 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/job-crd-certmanager-10.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.certmanager.enabled }} 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | namespace: {{ .Release.Namespace }} 6 | name: istio-init-crd-certmanager-10 7 | spec: 8 | template: 9 | metadata: 10 | annotations: 11 | sidecar.istio.io/inject: "false" 12 | spec: 13 | serviceAccountName: istio-init-service-account 14 | containers: 15 | - name: istio-init-crd-certmanager-10 16 | image: "{{ .Values.global.hub }}/kubectl:{{ .Values.global.tag }}" 17 | imagePullPolicy: {{ .Values.global.imagePullPolicy }} 18 | volumeMounts: 19 | - name: crd-certmanager-10 20 | mountPath: /etc/istio/crd-certmanager-10 21 | readOnly: true 22 | command: ["kubectl", "apply", "-f", "/etc/istio/crd-certmanager-10/crd-certmanager-10.yaml"] 23 | volumes: 24 | - name: crd-certmanager-10 25 | configMap: 26 | name: istio-crd-certmanager-10 27 | restartPolicy: OnFailure 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/job-crd-certmanager-11.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.certmanager.enabled }} 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | namespace: {{ .Release.Namespace }} 6 | name: istio-init-crd-certmanager-11 7 | spec: 8 | template: 9 | metadata: 10 | annotations: 11 | sidecar.istio.io/inject: "false" 12 | spec: 13 | serviceAccountName: 
istio-init-service-account 14 | containers: 15 | - name: istio-init-crd-certmanager-11 16 | image: "{{ .Values.global.hub }}/kubectl:{{ .Values.global.tag }}" 17 | imagePullPolicy: {{ .Values.global.imagePullPolicy }} 18 | volumeMounts: 19 | - name: crd-certmanager-11 20 | mountPath: /etc/istio/crd-certmanager-11 21 | readOnly: true 22 | command: ["kubectl", "apply", "-f", "/etc/istio/crd-certmanager-11/crd-certmanager-11.yaml"] 23 | volumes: 24 | - name: crd-certmanager-11 25 | configMap: 26 | name: istio-crd-certmanager-11 27 | restartPolicy: OnFailure 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: istio-init-service-account 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: istio-init 8 | istio: init 9 | 10 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio-init/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | # Default hub for Istio images. 3 | # Releases are published to docker hub under 'istio' project. 4 | # Daily builds from prow are on gcr.io, and nightly builds from circle on docker.io/istionightly 5 | hub: docker.io/istio 6 | 7 | # Default tag for Istio images. 8 | tag: 1.2.2 9 | 10 | # imagePullPolicy is applied to istio control plane components. 11 | # local tests require IfNotPresent, to avoid uploading to dockerhub. 12 | # TODO: Switch to Always as default, and override in the local tests. 
13 | imagePullPolicy: IfNotPresent 14 | 15 | certmanager: 16 | enabled: false 17 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio 3 | version: 1.2.2 4 | appVersion: 1.2.2 5 | tillerVersion: ">=2.7.2-0" 6 | description: Helm chart for all istio components 7 | keywords: 8 | - istio 9 | - security 10 | - sidecarInjectorWebhook 11 | - mixer 12 | - pilot 13 | - galley 14 | sources: 15 | - http://github.com/istio/istio 16 | engine: gotpl 17 | icon: https://istio.io/favicons/android-192x192.png 18 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/certmanager/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: certmanager 4 | version: 1.2.2 5 | appVersion: 0.6.2 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/certmanager/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | certmanager has been deployed successfully! 2 | 3 | More information on the different types of issuers and how to configure them 4 | can be found in our documentation: 5 | 6 | https://cert-manager.readthedocs.io/en/latest/reference/issuers.html -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/certmanager/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 
4 | */}} 5 | {{- define "certmanager.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "certmanager.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "certmanager.chart" -}} 31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/certmanager/templates/issuer.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: certmanager.k8s.io/v1alpha1 3 | kind: ClusterIssuer 4 | metadata: 5 | name: letsencrypt-staging 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: certmanager 9 | chart: {{ template "certmanager.chart" . 
}} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | acme: 14 | server: https://acme-staging-v02.api.letsencrypt.org/directory 15 | email: {{ .Values.email }} 16 | # Name of a secret used to store the ACME account private key 17 | privateKeySecretRef: 18 | name: letsencrypt-staging 19 | http01: {} 20 | --- 21 | apiVersion: certmanager.k8s.io/v1alpha1 22 | kind: ClusterIssuer 23 | metadata: 24 | name: letsencrypt 25 | namespace: {{ .Release.Namespace }} 26 | labels: 27 | app: certmanager 28 | chart: {{ template "certmanager.chart" . }} 29 | heritage: {{ .Release.Service }} 30 | release: {{ .Release.Name }} 31 | spec: 32 | acme: 33 | server: https://acme-v02.api.letsencrypt.org/directory 34 | email: {{ .Values.email }} 35 | privateKeySecretRef: 36 | name: letsencrypt 37 | http01: {} 38 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/certmanager/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: certmanager 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: certmanager 9 | chart: {{ template "certmanager.chart" . 
}} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | version: {{ .Chart.Version }} 13 | {{- if .Values.podLabels }} 14 | {{ toYaml .Values.podLabels | indent 4 }} 15 | {{- end }} 16 | spec: 17 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 18 | {{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} 19 | {{- end }} 20 | selector: 21 | matchLabels: 22 | app: certmanager 23 | release: {{ .Release.Name }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/certmanager/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: certmanager 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: certmanager 14 | chart: {{ template "certmanager.chart" . 
}} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/galley/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: galley 3 | version: 1.2.2 4 | appVersion: 1.2.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for galley deployment 7 | keywords: 8 | - istio 9 | - galley 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/galley/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "galley.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "galley.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 
29 | */}} 30 | {{- define "galley.chart" -}} 31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/galley/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-galley-admin-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "galley.name" . }} 7 | chart: {{ template "galley.chart" . }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: istio-galley-{{ .Release.Namespace }} 14 | subjects: 15 | - kind: ServiceAccount 16 | name: istio-galley-service-account 17 | namespace: {{ .Release.Namespace }} 18 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/galley/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: istio-galley-configuration 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "galley.name" . }} 8 | chart: {{ template "galley.chart" . }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | istio: galley 12 | data: 13 | validatingwebhookconfiguration.yaml: |- 14 | {{- include "validatingwebhookconfiguration.yaml.tpl" . 
| indent 4}} -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/galley/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: istio-galley 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ template "galley.name" . }} 9 | chart: {{ template "galley.chart" . }} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | istio: galley 13 | spec: 14 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 15 | {{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} 16 | {{- end }} 17 | selector: 18 | matchLabels: 19 | app: {{ template "galley.name" . }} 20 | release: {{ .Release.Name }} 21 | istio: galley 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/galley/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istio-galley 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "galley.name" . }} 8 | chart: {{ template "galley.chart" . 
}} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | istio: galley 12 | spec: 13 | ports: 14 | - port: 443 15 | name: https-validation 16 | - port: {{ .Values.global.monitoringPort }} 17 | name: http-monitoring 18 | - port: 9901 19 | name: grpc-mcp 20 | selector: 21 | istio: galley 22 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/galley/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-galley-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: {{ template "galley.name" . }} 14 | chart: {{ template "galley.chart" . }} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/galley/values.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # galley configuration 3 | # 4 | enabled: true 5 | replicaCount: 1 6 | image: galley 7 | nodeSelector: {} 8 | tolerations: [] 9 | 10 | # Specify the pod anti-affinity that allows you to constrain which nodes 11 | # your pod is eligible to be scheduled based on labels on pods that are 12 | # already running on the node rather than based on labels on nodes. 13 | # There are currently two types of anti-affinity: 14 | # "requiredDuringSchedulingIgnoredDuringExecution" 15 | # "preferredDuringSchedulingIgnoredDuringExecution" 16 | # which denote “hard” vs. 
“soft” requirements, you can define your values 17 | # in "podAntiAffinityLabelSelector" and "podAntiAffinityTermLabelSelector" 18 | # correspondingly. 19 | # For example: 20 | # podAntiAffinityLabelSelector: 21 | # - key: security 22 | # operator: In 23 | # values: S1,S2 24 | # topologyKey: "kubernetes.io/hostname" 25 | # This pod anti-affinity rule says that the pod requires not to be scheduled 26 | # onto a node if that node is already running a pod with label having key 27 | # “security” and value “S1”. 28 | podAntiAffinityLabelSelector: [] 29 | podAntiAffinityTermLabelSelector: [] 30 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/gateways/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: gateways 3 | version: 1.2.2 4 | appVersion: 1.2.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for deploying Istio gateways 7 | keywords: 8 | - istio 9 | - ingressgateway 10 | - egressgateway 11 | - gateways 12 | sources: 13 | - http://github.com/istio/istio 14 | engine: gotpl 15 | icon: https://istio.io/favicons/android-192x192.png 16 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/gateways/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "gateway.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "gateway.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "gateway.chart" -}} 31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/gateways/templates/autoscale.yaml: -------------------------------------------------------------------------------- 1 | {{- range $key, $spec := .Values }} 2 | {{- if ne $key "enabled" }} 3 | {{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }} 4 | apiVersion: autoscaling/v2beta1 5 | kind: HorizontalPodAutoscaler 6 | metadata: 7 | name: {{ $key }} 8 | namespace: {{ $spec.namespace | default $.Release.Namespace }} 9 | labels: 10 | chart: {{ template "gateway.chart" $ }} 11 | heritage: {{ $.Release.Service }} 12 | release: {{ $.Release.Name }} 13 | {{- range $key, $val := $spec.labels }} 14 | {{ $key }}: {{ $val }} 15 | {{- end }} 16 | spec: 17 | maxReplicas: {{ $spec.autoscaleMax }} 18 | minReplicas: {{ $spec.autoscaleMin }} 19 | scaleTargetRef: 20 | apiVersion: apps/v1 21 | kind: Deployment 22 | name: {{ $key }} 23 | metrics: 24 | - type: Resource 25 | resource: 26 | name: cpu 27 | targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }} 28 | --- 29 | {{- end }} 30 | {{- end }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- 
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/gateways/templates/poddisruptionbudget.yaml:
--------------------------------------------------------------------------------
1 | {{- range $key, $spec := .Values }}
2 | {{- if and (ne $key "enabled") }}
3 | {{- if $spec.enabled }}
4 | {{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
5 | apiVersion: policy/v1beta1  # one PodDisruptionBudget per enabled gateway entry in .Values, emitted only when global.defaultPodDisruptionBudget.enabled is set
6 | kind: PodDisruptionBudget
7 | metadata:
8 |   name: {{ $key }}
9 |   namespace: {{ $spec.namespace | default $.Release.Namespace }}  # a per-gateway namespace override wins over the release namespace
10 |   labels:
11 |     chart: {{ template "gateway.chart" $ }}
12 |     heritage: {{ $.Release.Service }}
13 |     release: {{ $.Release.Name }}
14 |     {{- range $key, $val := $spec.labels }}
15 |     {{ $key }}: {{ $val }}
16 |     {{- end }}
17 | spec:
18 | {{- if $.Values.global.defaultPodDisruptionBudget.enabled }}
19 | {{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }}
20 | {{- end }}
21 |   selector:  # matches pods by release name plus every label listed under the gateway's labels value
22 |     matchLabels:
23 |       release: {{ $.Release.Name }}
24 |       {{- range $key, $val := $spec.labels }}
25 |       {{ $key }}: {{ $val }}
26 |       {{- end }}
27 | ---
28 | {{- end }}
29 | {{- end }}
30 | {{- end }}
31 | {{- end }}
32 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/gateways/templates/role.yaml:
--------------------------------------------------------------------------------
1 | {{- range $key, $spec := .Values }}
2 | {{- if ne $key "enabled" }}
3 | {{- if $spec.enabled }}
4 | {{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
5 | apiVersion: rbac.authorization.k8s.io/v1  # NOTE(review): the guard on line 4 writes `and` between its operands, while Go templates call functions in prefix form (`and A B`); confirm it evaluates as intended on the Helm version in use
6 | kind: Role  # rendered per enabled gateway, guarded by that gateway's sds.enabled value
7 | metadata:
8 |   name: {{ $key }}-sds
9 |   namespace: {{ $.Release.Namespace }}  # NOTE(review): always the release namespace, whereas the PodDisruptionBudget template honours $spec.namespace; confirm the Role lands where the gateway runs when a gateway overrides its namespace
10 | rules:
11 | - apiGroups: [""]
12 |   resources: ["secrets"]  # no resourceNames restriction: read access covers every Secret in this Role's namespace, so keep unrelated secrets out of it or narrow the rule
13 |   verbs: ["get", "watch", "list"]  # read-only; list and watch return Secret contents, not just names
14 | ---
15 | {{- end }}
16 | {{- end }}
17 | {{- end }}
18 | {{- end }}
19 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/gateways/templates/rolebindings.yaml:
--------------------------------------------------------------------------------
1 | {{- range $key, $spec := .Values }}
2 | {{- if ne $key "enabled" }}
3 | {{- if $spec.enabled }}
4 | {{- if ($spec.sds) and (eq $spec.sds.enabled true) }}
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: RoleBinding  # rendered per enabled gateway, guarded by that gateway's sds.enabled value
7 | metadata:
8 |   name: {{ $key }}-sds
9 |   namespace: {{ $.Release.Namespace }}
10 | roleRef:
11 |   apiGroup: rbac.authorization.k8s.io
12 |   kind: Role
13 |   name: {{ $key }}-sds  # the Role being granted; its rules live in a separate template
14 | subjects:
15 | - kind: ServiceAccount
16 |   name: {{ $key }}-service-account  # NOTE(review): no namespace is given for the subject, so it is presumably resolved in the binding's own namespace; confirm this still matches when a gateway sets its own namespace
17 | ---
18 | {{- end }}
19 | {{- end }}
20 | {{- end }}
21 | {{- end }}
22 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/gateways/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- range $key, $spec := .Values }}
2 | {{- if ne $key "enabled" }}
3 | {{- if $spec.enabled }}
4 | apiVersion: v1
5 | kind: ServiceAccount  # one service account per enabled gateway entry in .Values
6 | {{- if $.Values.global.imagePullSecrets }}
7 | imagePullSecrets:  # names come from global.imagePullSecrets; only references to Secrets, not their contents
8 | {{- range $.Values.global.imagePullSecrets }}
9 |   - name: {{ .
}} 10 | {{- end }} 11 | {{- end }} 12 | metadata: 13 | name: {{ $key }}-service-account 14 | namespace: {{ $spec.namespace | default $.Release.Namespace }} 15 | labels: 16 | app: {{ $spec.labels.app }} 17 | chart: {{ template "gateway.chart" $ }} 18 | heritage: {{ $.Release.Service }} 19 | release: {{ $.Release.Name }} 20 | --- 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | 25 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/grafana/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: grafana 4 | version: 1.2.2 5 | appVersion: 1.2.2 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/grafana/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "grafana.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "grafana.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "grafana.chart" -}} 31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/grafana/templates/configmap-custom-resources.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: istio-grafana-custom-resources 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "grafana.name" . }} 8 | chart: {{ template "grafana.chart" . }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | istio: grafana 12 | data: 13 | custom-resources.yaml: |- 14 | {{- include "grafana-default.yaml.tpl" . | indent 4}} 15 | run.sh: |- 16 | {{- include "install-custom-resources.sh.tpl" . 
| indent 4}} 17 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/grafana/templates/configmap-dashboards.yaml: -------------------------------------------------------------------------------- 1 | {{- $files := .Files }} 2 | {{- range $path, $bytes := .Files.Glob "dashboards/*.json" }} 3 | {{- $filename := trimSuffix (ext $path) (base $path) }} 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: istio-grafana-configuration-dashboards-{{ $filename }} 8 | namespace: {{ $.Release.Namespace }} 9 | labels: 10 | app: {{ template "grafana.name" $ }} 11 | chart: {{ template "grafana.chart" $ }} 12 | heritage: {{ $.Release.Service }} 13 | release: {{ $.Release.Name }} 14 | istio: grafana 15 | data: 16 | {{ base $path }}: '{{ $files.Get $path }}' 17 | --- 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/grafana/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: istio-grafana 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "grafana.name" . }} 8 | chart: {{ template "grafana.chart" . 
}}
9 |     heritage: {{ .Release.Service }}
10 |     release: {{ .Release.Name }}
11 |     istio: grafana
12 | data:  # one key per entry of .Values.datasources and .Values.dashboardProviders, each rendered with toYaml; this is a ConfigMap, so any datasource credentials placed in those values are readable by whoever can read ConfigMaps in the namespace
13 | {{- if .Values.datasources }}
14 | {{- range $key, $value := .Values.datasources }}
15 |   {{ $key }}: |
16 | {{ toYaml $value | indent 4 }}
17 | {{- end -}}
18 | {{- end -}}
19 |
20 | {{- if .Values.dashboardProviders }}
21 | {{- range $key, $value := .Values.dashboardProviders }}
22 |   {{ $key }}: |
23 | {{ toYaml $value | indent 4 }}
24 | {{- end -}}
25 | {{- end -}}
26 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/grafana/templates/grafana-ports-mtls.yaml:
--------------------------------------------------------------------------------
1 | {{ define "grafana-default.yaml.tpl" }}
2 | apiVersion: authentication.istio.io/v1alpha1
3 | kind: Policy  # named template, rendered wherever "grafana-default.yaml.tpl" is included
4 | metadata:
5 |   name: grafana-ports-mtls-disabled
6 |   namespace: {{ .Release.Namespace }}
7 |   labels:
8 |     app: {{ template "grafana.name" . }}
9 |     chart: {{ template "grafana.chart" . }}
10 |     heritage: {{ .Release.Service }}
11 |     release: {{ .Release.Name }}
12 | spec:
13 |   targets:  # no peers section follows, so, as the policy name says, mesh mutual TLS is not required on this port; traffic to Grafana is then neither authenticated nor encrypted by the mesh, and access control has to come from Grafana itself or from network policy
14 |   - name: grafana
15 |     ports:
16 |     - number: {{ .Values.service.externalPort }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/grafana/templates/pvc.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.persist }}
2 | kind: PersistentVolumeClaim  # created only when persist is set
3 | apiVersion: v1
4 | metadata:
5 |   name: istio-grafana-pvc
6 |   namespace: {{ .Release.Namespace }}
7 |   labels:
8 |     app: {{ template "grafana.name" . }}
9 |     chart: {{ template "grafana.chart" .
}}
10 |     heritage: {{ .Release.Service }}
11 |     release: {{ .Release.Name }}
12 | spec:
13 |   storageClassName: {{ .Values.storageClassName }}
14 |   accessModes:
15 |     - {{ .Values.accessMode }}
16 |   resources:
17 |     requests:
18 |       storage: 5Gi  # fixed size; not driven by a value
19 | {{- end }}
20 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/grafana/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   name: grafana
5 |   namespace: {{ .Release.Namespace }}
6 |   annotations:
7 |     {{- range $key, $val := .Values.service.annotations }}
8 |     {{ $key }}: {{ $val | quote }}
9 |     {{- end }}
10 |   labels:
11 |     app: {{ template "grafana.name" . }}
12 |     chart: {{ template "grafana.chart" . }}
13 |     heritage: {{ .Release.Service }}
14 |     release: {{ .Release.Name }}
15 | spec:
16 |   type: {{ .Values.service.type }}  # exposure is decided by the installer: the Service type is taken verbatim from service.type
17 |   ports:
18 |     - port: {{ .Values.service.externalPort }}
19 |       targetPort: 3000
20 |       protocol: TCP
21 |       name: {{ .Values.service.name }}
22 |   selector:
23 |     app: grafana
24 | {{- if .Values.service.loadBalancerIP }}
25 |   loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
26 | {{- end }}
27 |   {{if .Values.service.loadBalancerSourceRanges}}
28 |   loadBalancerSourceRanges:  # optional client CIDR allow-list; when the value is empty the field is omitted and this chart places no source restriction on a LoadBalancer-type Service
29 |     {{range $rangeList := .Values.service.loadBalancerSourceRanges}}
30 |     - {{ $rangeList }}
31 |     {{end}}
32 |   {{end}}
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/istiocoredns/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | description: Istio CoreDNS provides DNS resolution for services in multicluster setups.
3 | name: istiocoredns 4 | version: 1.2.2 5 | appVersion: 0.1 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/istiocoredns/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "istiocoredns.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "istiocoredns.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "istiocoredns.chart" -}} 31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/istiocoredns/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istiocoredns 5 | labels: 6 | app: {{ template "istiocoredns.name" . }} 7 | chart: {{ template "istiocoredns.chart" . 
}}
8 |     heritage: {{ .Release.Service }}
9 |     release: {{ .Release.Name }}
10 | rules:
11 | - apiGroups: ["networking.istio.io"]
12 |   resources: ["*"]  # every resource kind in the networking.istio.io group, in all namespaces (this is a ClusterRole)
13 |   verbs: ["get", "watch", "list"]  # read-only
14 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/istiocoredns/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: istio-istiocoredns-role-binding-{{ .Release.Namespace }}
5 |   labels:
6 |     app: {{ template "istiocoredns.name" . }}
7 |     chart: {{ template "istiocoredns.chart" . }}
8 |     heritage: {{ .Release.Service }}
9 |     release: {{ .Release.Name }}
10 | roleRef:
11 |   apiGroup: rbac.authorization.k8s.io
12 |   kind: ClusterRole
13 |   name: istiocoredns  # fixed cluster-scoped name with no namespace suffix, unlike this binding's own name
14 | subjects:
15 | - kind: ServiceAccount
16 |   name: istiocoredns-service-account
17 |   namespace: {{ .Release.Namespace }}
18 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/istiocoredns/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   name: coredns
5 |   namespace: {{ .Release.Namespace }}
6 |   labels:
7 |     app: {{ template "istiocoredns.name" . }}
8 |     chart: {{ template "istiocoredns.chart" . }}
9 |     heritage: {{ .Release.Service }}
10 |     release: {{ .Release.Name }}
11 | data:  # Corefile below: names under "global" are proxied over gRPC to 127.0.0.1:8053 with "protocol grpc insecure", i.e. no TLS on that hop; the target is loopback, so the hop stays inside the pod's network namespace (presumably an Istio CoreDNS plugin container in the same pod; confirm). Everything else goes to the resolvers in /etc/resolv.conf, and metrics are served on :9153
12 |   Corefile: |
13 |     .:53 {
14 |           errors
15 |           health
16 |           proxy global 127.0.0.1:8053 {
17 |             protocol grpc insecure
18 |           }
19 |           prometheus :9153
20 |           proxy .
/etc/resolv.conf 21 | cache 30 22 | reload 23 | } 24 | --- 25 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/istiocoredns/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istiocoredns 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "istiocoredns.name" . }} 8 | chart: {{ template "istiocoredns.chart" . }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | selector: 13 | app: istiocoredns 14 | ports: 15 | - name: dns 16 | port: 53 17 | protocol: UDP 18 | - name: dns-tcp 19 | port: 53 20 | protocol: TCP 21 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/istiocoredns/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istiocoredns-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: {{ template "istiocoredns.name" . }} 14 | chart: {{ template "istiocoredns.chart" . }} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/kiali/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. 
3 | name: kiali 4 | version: 1.2.2 5 | appVersion: 0.20 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/kiali/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "kiali.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "kiali.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "kiali.chart" -}} 31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/kiali/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-kiali-admin-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "kiali.name" . }} 7 | chart: {{ template "kiali.chart" . 
}}
8 |     heritage: {{ .Release.Service }}
9 |     release: {{ .Release.Name }}
10 | roleRef:
11 |   apiGroup: rbac.authorization.k8s.io
12 |   kind: ClusterRole
13 |   name: kiali{{- if .Values.dashboard.viewOnlyMode }}-viewer{{- end }}  # binds ClusterRole "kiali" unless dashboard.viewOnlyMode is set, in which case "kiali-viewer"; the rules of both roles are defined outside this template, so review them before choosing
14 | subjects:
15 | - kind: ServiceAccount
16 |   name: kiali-service-account
17 |   namespace: {{ .Release.Namespace }}
18 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/kiali/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   name: kiali
5 |   namespace: {{ .Release.Namespace }}
6 |   labels:
7 |     app: {{ template "kiali.name" . }}
8 |     chart: {{ template "kiali.chart" . }}
9 |     heritage: {{ .Release.Service }}
10 |     release: {{ .Release.Name }}
11 | data:  # config.yaml below sets auth strategy "login" and server port 20001; the login is presumably checked against the Secret named by dashboard.secretName (confirm against the Kiali deployment template). The tracing, grafana and prometheus URLs are taken verbatim from values
12 |   config.yaml: |
13 |     istio_namespace: {{ .Release.Namespace }}
14 |     auth:
15 |       strategy: "login"
16 |     server:
17 |       port: 20001
18 | {{- if .Values.contextPath }}
19 |       web_root: {{ .Values.contextPath }}
20 | {{- end }}
21 |     external_services:
22 |       tracing:
23 |         url: {{ .Values.dashboard.jaegerURL }}
24 |       grafana:
25 |         url: {{ .Values.dashboard.grafanaURL }}
26 |       prometheus:
27 |         url: {{ .Values.prometheusAddr }}
28 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/kiali/templates/demosecret.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.createDemoSecret }}
2 | apiVersion: v1
3 | kind: Secret  # created only when createDemoSecret is set
4 | metadata:
5 |   name: {{ .Values.dashboard.secretName }}
6 |   namespace: {{ .Release.Namespace }}
7 |   labels:
8 |     app: {{ template "kiali.name" . }}
9 |     chart: {{ template "kiali.chart" .
}}
10 |     heritage: {{ .Release.Service }}
11 |     release: {{ .Release.Name }}
12 | type: Opaque
13 | data:  # demo-only: a fixed, publicly known admin/admin login (base64 is an encoding, not encryption). Outside a throwaway lab leave createDemoSecret unset and create the Secret named by dashboard.secretName out of band with unique credentials
14 |   username: YWRtaW4= # base64 of "admin"
15 |   passphrase: YWRtaW4= # base64 of "admin"
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/kiali/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   name: kiali
5 |   namespace: {{ .Release.Namespace }}
6 |   labels:
7 |     app: {{ template "kiali.name" . }}
8 |     chart: {{ template "kiali.chart" . }}
9 |     heritage: {{ .Release.Service }}
10 |     release: {{ .Release.Name }}
11 | spec:  # no type is set, so Kubernetes defaults this Service to ClusterIP (reachable in-cluster only)
12 |   ports:
13 |   - name: http-kiali
14 |     protocol: TCP
15 |     port: 20001  # same port as server.port in the kiali ConfigMap
16 |   selector:
17 |     app: kiali
18 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/kiali/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | {{- if .Values.global.imagePullSecrets }}
4 | imagePullSecrets:  # names come from global.imagePullSecrets; only references to Secrets, not their contents
5 | {{- range .Values.global.imagePullSecrets }}
6 |   - name: {{ . }}
7 | {{- end }}
8 | {{- end }}
9 | metadata:
10 |   name: kiali-service-account  # the subject of the kiali ClusterRoleBinding
11 |   namespace: {{ .Release.Namespace }}
12 |   labels:
13 |     app: {{ template "kiali.name" . }}
14 |     chart: {{ template "kiali.chart" .
}} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/mixer/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: mixer 3 | version: 1.2.2 4 | appVersion: 1.2.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for mixer deployment 7 | keywords: 8 | - istio 9 | - mixer 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/mixer/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "mixer.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "mixer.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 
29 | */}} 30 | {{- define "mixer.chart" -}} 31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/mixer/templates/autoscale.yaml: -------------------------------------------------------------------------------- 1 | {{- range $key, $spec := .Values }} 2 | {{- if or (eq $key "policy") (eq $key "telemetry") }} 3 | {{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }} 4 | apiVersion: autoscaling/v2beta1 5 | kind: HorizontalPodAutoscaler 6 | metadata: 7 | name: istio-{{ $key }} 8 | namespace: {{ $.Release.Namespace }} 9 | labels: 10 | app: {{ template "mixer.name" $ }} 11 | chart: {{ template "mixer.chart" $ }} 12 | heritage: {{ $.Release.Service }} 13 | release: {{ $.Release.Name }} 14 | spec: 15 | maxReplicas: {{ $spec.autoscaleMax }} 16 | minReplicas: {{ $spec.autoscaleMin }} 17 | scaleTargetRef: 18 | apiVersion: apps/v1 19 | kind: Deployment 20 | name: istio-{{ $key }} 21 | metrics: 22 | - type: Resource 23 | resource: 24 | name: cpu 25 | targetAverageUtilization: {{ $spec.cpu.targetAverageUtilization }} 26 | --- 27 | {{- end }} 28 | {{- end }} 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/mixer/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: istio-mixer-{{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "mixer.name" . }} 8 | chart: {{ template "mixer.chart" . 
}}
9 |     heritage: {{ .Release.Service }}
10 |     release: {{ .Release.Name }}
11 | rules:
12 | - apiGroups: ["config.istio.io"] # istio CRD watcher
13 |   resources: ["*"]
14 |   verbs: ["create", "get", "list", "watch", "patch"]  # the only rule here that grants write verbs (create, patch), and it applies to every config.istio.io resource
15 | - apiGroups: ["apiextensions.k8s.io"]
16 |   resources: ["customresourcedefinitions"]
17 |   verbs: ["get", "list", "watch"]
18 | - apiGroups: [""]
19 |   resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"]  # includes "secrets": in a ClusterRole granted through a ClusterRoleBinding this is read access to Secret contents in every namespace; review whether this deployment needs it, since any workload running as the bound service account inherits it
20 |   verbs: ["get", "list", "watch"]
21 | - apiGroups: ["extensions", "apps"]
22 |   resources: ["replicasets"]
23 |   verbs: ["get", "list", "watch"]
24 | {{- end }}
25 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/mixer/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRoleBinding  # rendered when either policy.enabled or telemetry.enabled is set
4 | metadata:
5 |   name: istio-mixer-admin-role-binding-{{ .Release.Namespace }}
6 |   labels:
7 |     app: {{ template "mixer.name" . }}
8 |     chart: {{ template "mixer.chart" .
}} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: istio-mixer-{{ .Release.Namespace }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: istio-mixer-service-account 18 | namespace: {{ .Release.Namespace }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/mixer/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- range $key, $spec := .Values }} 2 | {{- if or (eq $key "policy") (eq $key "telemetry") }} 3 | {{- if $spec.enabled }} 4 | {{- if $.Values.global.defaultPodDisruptionBudget.enabled }} 5 | apiVersion: policy/v1beta1 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: istio-{{ $key }} 9 | namespace: {{ $.Release.Namespace }} 10 | labels: 11 | app: {{ $key }} 12 | chart: {{ template "mixer.chart" $ }} 13 | heritage: {{ $.Release.Service }} 14 | release: {{ $.Release.Name }} 15 | version: {{ $.Chart.Version }} 16 | istio: mixer 17 | istio-mixer-type: {{ $key }} 18 | spec: 19 | {{- if $.Values.global.defaultPodDisruptionBudget.enabled }} 20 | {{ include "podDisruptionBudget.spec" $.Values.global.defaultPodDisruptionBudget }} 21 | {{- end }} 22 | selector: 23 | matchLabels: 24 | app: {{ $key }} 25 | release: {{ $.Release.Name }} 26 | istio: mixer 27 | istio-mixer-type: {{ $key }} 28 | --- 29 | {{- end }} 30 | {{- end }} 31 | {{- end }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/mixer/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- range $key, $spec := .Values }} 2 | {{- if or (eq $key "policy") (eq $key "telemetry") }} 3 | {{- if $spec.enabled }} 4 | apiVersion: v1 5 | kind: Service 6 | 
metadata: 7 | name: istio-{{ $key }} 8 | namespace: {{ $.Release.Namespace }} 9 | annotations: 10 | networking.istio.io/exportTo: "*" 11 | labels: 12 | app: {{ template "mixer.name" $ }} 13 | chart: {{ template "mixer.chart" $ }} 14 | heritage: {{ $.Release.Service }} 15 | release: {{ $.Release.Name }} 16 | istio: mixer 17 | spec: 18 | ports: 19 | - name: grpc-mixer 20 | port: 9091 21 | - name: grpc-mixer-mtls 22 | port: 15004 23 | - name: http-monitoring 24 | port: {{ $.Values.global.monitoringPort }} 25 | {{- if eq $key "telemetry" }} 26 | - name: prometheus 27 | port: 42422 28 | {{- if $spec.sessionAffinityEnabled }} 29 | sessionAffinity: ClientIP 30 | {{- end }} 31 | {{- end }} 32 | selector: 33 | istio: mixer 34 | istio-mixer-type: {{ $key }} 35 | --- 36 | {{- end }} 37 | {{- end }} 38 | {{- end }} 39 | 40 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/mixer/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | {{- if .Values.global.imagePullSecrets }} 5 | imagePullSecrets: 6 | {{- range .Values.global.imagePullSecrets }} 7 | - name: {{ . }} 8 | {{- end }} 9 | {{- end }} 10 | metadata: 11 | name: istio-mixer-service-account 12 | namespace: {{ .Release.Namespace }} 13 | labels: 14 | app: {{ template "mixer.name" . }} 15 | chart: {{ template "mixer.chart" . 
}} 16 | heritage: {{ .Release.Service }} 17 | release: {{ .Release.Name }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/nodeagent/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: nodeagent 3 | version: 1.2.2 4 | appVersion: 1.2.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for nodeagent deployment 7 | keywords: 8 | - istio 9 | - nodeagent 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/nodeagent/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "nodeagent.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "nodeagent.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 
29 | */}} 30 | {{- define "nodeagent.chart" -}} 31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/nodeagent/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istio-nodeagent-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "nodeagent.name" . }} 7 | chart: {{ template "nodeagent.chart" . }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | rules: 11 | - apiGroups: [""] 12 | resources: ["configmaps"] 13 | verbs: ["get"] -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/nodeagent/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-nodeagent-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "nodeagent.name" . }} 7 | chart: {{ template "nodeagent.chart" . 
}} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: istio-nodeagent-{{ .Release.Namespace }} 14 | subjects: 15 | - kind: ServiceAccount 16 | name: istio-nodeagent-service-account 17 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/nodeagent/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-nodeagent-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: {{ template "nodeagent.name" . }} 14 | chart: {{ template "nodeagent.chart" . }} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/pilot/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: pilot 3 | version: 1.2.2 4 | appVersion: 1.2.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for pilot deployment 7 | keywords: 8 | - istio 9 | - pilot 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/pilot/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 
4 | */}} 5 | {{- define "pilot.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "pilot.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "pilot.chart" -}} 31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/pilot/templates/autoscale.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: istio-pilot 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ template "pilot.name" . }} 9 | chart: {{ template "pilot.chart" . 
}}
10 |     heritage: {{ .Release.Service }}
11 |     release: {{ .Release.Name }}
12 | spec:
13 |   maxReplicas: {{ .Values.autoscaleMax }}
14 |   minReplicas: {{ .Values.autoscaleMin }}
15 |   scaleTargetRef:
16 |     apiVersion: apps/v1
17 |     kind: Deployment
18 |     name: istio-pilot
19 |   metrics:
20 |   - type: Resource
21 |     resource:
22 |       name: cpu
23 |       targetAverageUtilization: {{ .Values.cpu.targetAverageUtilization }}
24 | ---
25 | {{- end }}
26 | 
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/pilot/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole  # cluster-scoped role for Pilot; its name carries the release namespace as a suffix
3 | metadata:
4 |   name: istio-pilot-{{ .Release.Namespace }}
5 |   labels:
6 |     app: {{ template "pilot.name" . }}
7 |     chart: {{ template "pilot.chart" . }}
8 |     heritage: {{ .Release.Service }}
9 |     release: {{ .Release.Name }}
10 | rules:
11 | - apiGroups: ["config.istio.io"]
12 |   resources: ["*"]
13 |   verbs: ["*"]  # wildcard resources and verbs: every kind in this API group, including ones added later
14 | - apiGroups: ["rbac.istio.io"]
15 |   resources: ["*"]
16 |   verbs: ["get", "watch", "list"]  # read-only for rbac.istio.io, unlike the other istio.io groups in this role
17 | - apiGroups: ["networking.istio.io"]
18 |   resources: ["*"]
19 |   verbs: ["*"]  # same wildcard grant as config.istio.io
20 | - apiGroups: ["authentication.istio.io"]
21 |   resources: ["*"]
22 |   verbs: ["*"]  # same wildcard grant as config.istio.io
23 | - apiGroups: ["apiextensions.k8s.io"]
24 |   resources: ["customresourcedefinitions"]
25 |   verbs: ["*"]  # NOTE(review): all verbs, delete included, on every CustomResourceDefinition in the cluster, not only Istio's — confirm the minimum Pilot needs
26 | - apiGroups: ["extensions"]
27 |   resources: ["ingresses", "ingresses/status"]
28 |   verbs: ["*"]  # all verbs on Ingress objects and their status
29 | - apiGroups: [""]
30 |   resources: ["configmaps"]
31 |   verbs: ["create", "get", "list", "watch", "update"]
32 | - apiGroups: [""]
33 |   resources: ["endpoints", "pods", "services", "namespaces", "nodes", "secrets"]  # NOTE(review): "secrets" gives read access to Secrets in every namespace once clusterrolebinding.yaml binds this role to istio-pilot-service-account
34 |   verbs: ["get", "list", "watch"]  # read-only verbs
35 | 
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/pilot/templates/clusterrolebinding.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-pilot-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "pilot.name" . }} 7 | chart: {{ template "pilot.chart" . }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: istio-pilot-{{ .Release.Namespace }} 14 | subjects: 15 | - kind: ServiceAccount 16 | name: istio-pilot-service-account 17 | namespace: {{ .Release.Namespace }} 18 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/pilot/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: istio-pilot 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ template "pilot.name" . }} 9 | chart: {{ template "pilot.chart" . }} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | istio: pilot 13 | spec: 14 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }} 15 | {{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }} 16 | {{- end }} 17 | selector: 18 | matchLabels: 19 | app: {{ template "pilot.name" . 
}} 20 | release: {{ .Release.Name }} 21 | istio: pilot 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/pilot/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istio-pilot 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "pilot.name" . }} 8 | chart: {{ template "pilot.chart" . }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | istio: pilot 12 | spec: 13 | ports: 14 | - port: 15010 15 | name: grpc-xds # direct 16 | - port: 15011 17 | name: https-xds # mTLS 18 | - port: 8080 19 | name: http-legacy-discovery # direct 20 | - port: {{ .Values.global.monitoringPort }} 21 | name: http-monitoring 22 | selector: 23 | istio: pilot 24 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/pilot/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-pilot-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: {{ template "pilot.name" . }} 14 | chart: {{ template "pilot.chart" . 
}} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/prometheus/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: prometheus 4 | version: 1.2.2 5 | appVersion: 2.8.0 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/prometheus/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "prometheus.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "prometheus.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 
29 | */}}
30 | {{- define "prometheus.chart" -}}
31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
32 | {{- end -}}
33 | 
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/prometheus/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole  # cluster-scoped read access; clusterrolebindings.yaml binds it to the "prometheus" ServiceAccount
3 | metadata:
4 |   name: prometheus-{{ .Release.Namespace }}
5 |   labels:
6 |     app: prometheus
7 |     chart: {{ template "prometheus.chart" . }}
8 |     heritage: {{ .Release.Service }}
9 |     release: {{ .Release.Name }}
10 | rules:
11 | - apiGroups: [""]
12 |   resources:
13 |   - nodes
14 |   - services
15 |   - endpoints
16 |   - pods
17 |   - nodes/proxy  # NOTE(review): nodes/proxy goes through the API server to each node's kubelet; presumably used to scrape kubelet metrics — confirm against the scrape configuration
18 |   verbs: ["get", "list", "watch"]  # read-only verbs
19 | - apiGroups: [""]
20 |   resources:
21 |   - configmaps
22 |   verbs: ["get"]  # get only: no list or watch on ConfigMaps
23 | - nonResourceURLs: ["/metrics"]  # non-resource URL rule: GET on the API server's /metrics path
24 |   verbs: ["get"]
25 | 
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/prometheus/templates/clusterrolebindings.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: prometheus-{{ .Release.Namespace }}
5 |   labels:
6 |     app: prometheus
7 |     chart: {{ template "prometheus.chart" .
}} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: prometheus-{{ .Release.Namespace }} 14 | subjects: 15 | - kind: ServiceAccount 16 | name: prometheus 17 | namespace: {{ .Release.Namespace }} 18 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/prometheus/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: prometheus 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: prometheus 14 | chart: {{ template "prometheus.chart" . }} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/security/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: security 3 | version: 1.2.2 4 | appVersion: 1.2.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for istio authentication 7 | keywords: 8 | - istio 9 | - security 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/security/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 
4 | */}} 5 | {{- define "security.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "security.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "security.chart" -}} 31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/security/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istio-citadel-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "security.name" . }} 7 | chart: {{ template "security.chart" . 
}}
8 |     heritage: {{ .Release.Service }}
9 |     release: {{ .Release.Name }}
10 | rules:
11 | - apiGroups: [""]
12 |   resources: ["configmaps"]
13 |   verbs: ["create", "get", "update"]
14 | - apiGroups: [""]
15 |   resources: ["secrets"]
16 |   verbs: ["create", "get", "watch", "list", "update", "delete"]  # NOTE(review): create/read/update/delete on Secrets in every namespace; anything able to act as istio-citadel-service-account inherits this
17 | - apiGroups: [""]
18 |   resources: ["serviceaccounts", "services"]
19 |   verbs: ["get", "watch", "list"]  # read-only verbs
20 | - apiGroups: ["authentication.k8s.io"]
21 |   resources: ["tokenreviews"]
22 |   verbs: ["create"]  # creating a TokenReview asks the API server to validate a bearer token
23 | 
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/security/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: istio-citadel-{{ .Release.Namespace }}
5 |   labels:
6 |     app: {{ template "security.name" . }}
7 |     chart: {{ template "security.chart" . }}
8 |     heritage: {{ .Release.Service }}
9 |     release: {{ .Release.Name }}
10 | roleRef:
11 |   apiGroup: rbac.authorization.k8s.io
12 |   kind: ClusterRole
13 |   name: istio-citadel-{{ .Release.Namespace }}  # same name expression as metadata.name in clusterrole.yaml
14 | subjects:
15 |   - kind: ServiceAccount
16 |     name: istio-citadel-service-account  # the only subject listed in this binding
17 |     namespace: {{ .Release.Namespace }}
18 | 
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/security/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   name: istio-security-custom-resources
5 |   namespace: {{ .Release.Namespace }}
6 |   labels:
7 |     app: {{ template "security.name" . }}
8 |     chart: {{ template "security.chart" .
}}
9 |     heritage: {{ .Release.Service }}
10 |     release: {{ .Release.Name }}
11 |     istio: citadel
12 | data:
13 |   custom-resources.yaml: |-  # security-default.yaml.tpl when global.mtls.enabled is set, security-permissive.yaml.tpl otherwise
14 |     {{- if .Values.global.mtls.enabled }}
15 |     {{- include "security-default.yaml.tpl" . | indent 4}}
16 |     {{- else }}
17 |     {{- include "security-permissive.yaml.tpl" . | indent 4}}
18 |     {{- end }}
19 |   run.sh: |-
20 |     {{- include "install-custom-resources.sh.tpl" . | indent 4}}
21 | 
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/security/templates/enable-mesh-permissive.yaml:
--------------------------------------------------------------------------------
1 | {{- define "security-permissive.yaml.tpl" }}
2 | # Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh.
3 | apiVersion: "authentication.istio.io/v1alpha1"
4 | kind: "MeshPolicy"
5 | metadata:
6 |   name: "default"
7 |   labels:
8 |     app: {{ template "security.name" . }}
9 |     chart: {{ template "security.chart" . }}
10 |     heritage: {{ .Release.Service }}
11 |     release: {{ .Release.Name }}
12 | spec:
13 |   peers:
14 |   - mtls:
15 |       mode: PERMISSIVE  # sidecars accept both plaintext and mutual-TLS connections; configmap.yaml selects this template when global.mtls.enabled is false
16 | {{- end }}
17 | 
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/security/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   # we use the normal name here (e.g. 'prometheus')
5 |   # as grafana is configured to use this as a data source
6 |   name: istio-citadel  # NOTE(review): the comment above mentions prometheus and grafana and looks copied from another chart — confirm and reword for Citadel
7 |   namespace: {{ .Release.Namespace }}
8 |   labels:
9 |     app: {{ template "security.name" . }}
10 |     chart: {{ template "security.chart" .
}} 11 | heritage: {{ .Release.Service }} 12 | release: {{ .Release.Name }} 13 | istio: citadel 14 | spec: 15 | ports: 16 | - name: grpc-citadel 17 | port: 8060 18 | targetPort: 8060 19 | protocol: TCP 20 | - name: http-monitoring 21 | port: {{ .Values.global.monitoringPort }} 22 | selector: 23 | istio: citadel 24 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/security/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-citadel-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: {{ template "security.name" . }} 14 | chart: {{ template "security.chart" . }} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: sidecarInjectorWebhook 3 | version: 1.2.2 4 | appVersion: 1.2.2 5 | tillerVersion: ">=2.7.2" 6 | description: Helm chart for sidecar injector webhook deployment 7 | keywords: 8 | - istio 9 | - sidecarInjectorWebhook 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: 
*/}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "sidecar-injector.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "sidecar-injector.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "sidecar-injector.chart" -}} 31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: istio-sidecar-injector-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "sidecar-injector.name" . }} 7 | chart: {{ template "sidecar-injector.chart" . 
}} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | istio: sidecar-injector 11 | rules: 12 | - apiGroups: [""] 13 | resources: ["configmaps"] 14 | verbs: ["get", "list", "watch"] 15 | - apiGroups: ["admissionregistration.k8s.io"] 16 | resources: ["mutatingwebhookconfigurations"] 17 | verbs: ["get", "list", "watch", "patch"] 18 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }} 5 | labels: 6 | app: {{ template "sidecar-injector.name" . }} 7 | chart: {{ template "sidecar-injector.chart" . }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | istio: sidecar-injector 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: istio-sidecar-injector-{{ .Release.Namespace }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: istio-sidecar-injector-service-account 18 | namespace: {{ .Release.Namespace }} 19 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/templates/mutatingwebhook.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: admissionregistration.k8s.io/v1beta1 2 | kind: MutatingWebhookConfiguration 3 | metadata: 4 | name: istio-sidecar-injector 5 | labels: 6 | app: {{ template "sidecar-injector.name" . }} 7 | chart: {{ template "sidecar-injector.chart" . 
}}
8 |     heritage: {{ .Release.Service }}
9 |     release: {{ .Release.Name }}
10 | webhooks:
11 |   - name: sidecar-injector.istio.io
12 |     clientConfig:
13 |       service:
14 |         name: istio-sidecar-injector
15 |         namespace: {{ .Release.Namespace }}
16 |         path: "/inject"
17 |       caBundle: ""  # empty in the chart; presumably patched at runtime by the injector (its ClusterRole allows "patch" on mutatingwebhookconfigurations) — confirm
18 |     rules:
19 |       - operations: [ "CREATE" ]  # only pod creation is sent to the webhook
20 |         apiGroups: [""]
21 |         apiVersions: ["v1"]
22 |         resources: ["pods"]
23 |     failurePolicy: Fail  # fail closed: pod creation in selected namespaces is rejected when the webhook call errors
24 |     namespaceSelector:  # opt-out selection when enableNamespacesByDefault is set, opt-in by label otherwise
25 | {{- if .Values.enableNamespacesByDefault }}
26 |       matchExpressions:
27 |       - key: name  # NOTE(review): NotIn also matches namespaces that lack the key, so this exclusion only works if the release namespace carries a "name" label equal to its own name — confirm
28 |         operator: NotIn
29 |         values:
30 |         - {{ .Release.Namespace }}
31 |       - key: istio-injection
32 |         operator: NotIn
33 |         values:
34 |         - disabled
35 | {{- else }}
36 |       matchLabels:
37 |         istio-injection: enabled
38 | {{- end }}
39 | 
40 | 
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/templates/poddisruptionbudget.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.global.defaultPodDisruptionBudget.enabled }}
2 | apiVersion: policy/v1beta1
3 | kind: PodDisruptionBudget
4 | metadata:
5 |   name: istio-sidecar-injector
6 |   namespace: {{ .Release.Namespace }}
7 |   labels:
8 |     app: {{ template "sidecar-injector.name" . }}
9 |     release: {{ .Release.Name }}
10 |     istio: sidecar-injector
11 | spec:
12 | {{ include "podDisruptionBudget.spec" .Values.global.defaultPodDisruptionBudget }}
13 |   selector:
14 |     matchLabels:
15 |       app: {{ template "sidecar-injector.name" .
}} 16 | release: {{ .Release.Name }} 17 | istio: sidecar-injector 18 | {{- end }} -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: istio-sidecar-injector 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "sidecar-injector.name" . }} 8 | chart: {{ template "sidecar-injector.chart" . }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | istio: sidecar-injector 12 | spec: 13 | ports: 14 | - port: 443 15 | selector: 16 | istio: sidecar-injector 17 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istio-sidecar-injector-service-account 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: {{ template "sidecar-injector.name" . }} 14 | chart: {{ template "sidecar-injector.chart" . 
}} 15 | heritage: {{ .Release.Service }} 16 | release: {{ .Release.Name }} 17 | istio: sidecar-injector 18 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/tracing/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: tracing 4 | version: 1.2.2 5 | appVersion: 1.5.1 6 | tillerVersion: ">=2.7.2" 7 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/charts/tracing/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "tracing.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "tracing.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 
29 | */}}
30 | {{- define "tracing.chart" -}}
31 | {{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
32 | {{- end -}}
33 | 
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/example-values/README.md:
--------------------------------------------------------------------------------
1 | # Example Values
2 | 
3 | These files provide various example values for different Istio setups.
4 | 
5 | To use them, [read the docs](https://istio.io/docs/setup/kubernetes/helm-install/) and add the flag `--values example-file.yaml`.
6 | 
--------------------------------------------------------------------------------
/student/istio-1.2.2/install/kubernetes/helm/istio/example-values/values-istio-googleca.yaml:
--------------------------------------------------------------------------------
1 | global:
2 |   controlPlaneSecurityEnabled: false  # NOTE(review): control-plane security is switched off in this example while service-to-service mtls is enabled further down — confirm that is intended before reusing the file
3 | 
4 |   mtls:
5 |     # Default setting for service-to-service mtls. Can be set explicitly using
6 |     # destination rules or service annotations.
7 | enabled: true 8 | 9 | sds: 10 | enabled: true 11 | udsPath: "unix:/var/run/sds/uds_path" 12 | useTrustworthyJwt: true 13 | 14 | trustDomain: "" 15 | 16 | nodeagent: 17 | enabled: true 18 | image: node-agent-k8s 19 | env: 20 | CA_PROVIDER: "GoogleCA" 21 | CA_ADDR: "istioca.googleapis.com:443" 22 | Plugins: "GoogleTokenExchange" 23 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/example-values/values-istio-multicluster-gateways.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | # Provides dns resolution for global services 3 | podDNSSearchNamespaces: 4 | - global 5 | - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" 6 | 7 | multiCluster: 8 | enabled: true 9 | 10 | controlPlaneSecurityEnabled: true 11 | 12 | # Multicluster with gateways requires a root CA 13 | # Cluster local CAs are bootstrapped with the root CA. 14 | security: 15 | selfSigned: false 16 | 17 | # Provides dns resolution for service entries of form 18 | # name.namespace.global 19 | istiocoredns: 20 | enabled: true 21 | 22 | gateways: 23 | istio-egressgateway: 24 | enabled: true 25 | env: 26 | # Needed to route traffic via egress gateway if desired. 
27 | ISTIO_META_REQUESTED_NETWORK_VIEW: "external" 28 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: sidecarInjectorWebhook 3 | version: 1.2.2 4 | condition: sidecarInjectorWebhook.enabled 5 | - name: security 6 | version: 1.2.2 7 | condition: security.enabled 8 | - name: gateways 9 | version: 1.2.2 10 | condition: gateways.enabled 11 | - name: mixer 12 | version: 1.2.2 13 | condition: or mixer.policy.enabled mixer.telemetry.enabled 14 | - name: nodeagent 15 | version: 1.2.2 16 | condition: nodeagent.enabled 17 | - name: pilot 18 | version: 1.2.2 19 | condition: pilot.enabled 20 | - name: grafana 21 | version: 1.2.2 22 | condition: grafana.enabled 23 | - name: prometheus 24 | version: 1.2.2 25 | condition: prometheus.enabled 26 | - name: tracing 27 | version: 1.2.2 28 | condition: tracing.enabled 29 | - name: galley 30 | version: 1.2.2 31 | condition: galley.enabled 32 | - name: kiali 33 | version: 1.2.2 34 | condition: kiali.enabled 35 | - name: istiocoredns 36 | version: 1.2.2 37 | condition: istiocoredns.enabled 38 | - name: certmanager 39 | version: 1.2.2 40 | condition: certmanager.enabled 41 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Thank you for installing {{ .Chart.Name }}. 2 | 3 | Your release is named {{ .Release.Name }}. 4 | 5 | To get started running application with Istio, execute the following steps: 6 | 7 | {{- if index .Values "sidecarInjectorWebhook" "enabled" }} 8 | 1. 
Label namespace that application object will be deployed to by the following command (take default namespace as an example) 9 | 10 | $ kubectl label namespace default istio-injection=enabled 11 | $ kubectl get namespace -L istio-injection 12 | 13 | 2. Deploy your applications 14 | 15 | $ kubectl apply -f <your-application>.yaml 16 | {{- else }} 17 | 1. Download the latest release package to get sidecar injection tool 18 | 19 | $ curl -L https://git.io/getLatestIstio | sh - 20 | $ mv istio-* istio-latest 21 | $ export PATH="$PATH:$PWD/istio-latest/bin" 22 | 23 | 2. Deploy your application by manually injecting envoy sidecar with `istioctl kube-inject` 24 | 25 | $ kubectl apply -f <(istioctl kube-inject -f <your-application>.yaml) 26 | {{- end }} 27 | 28 | For more information on running Istio, visit: 29 | https://istio.io/ -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/templates/_podDisruptionBudget.tpl: -------------------------------------------------------------------------------- 1 | {{- define "podDisruptionBudget.spec" }} 2 | minAvailable: 1 3 | {{- end }} 4 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRole 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: istio-reader 5 | rules: 6 | - apiGroups: [''] 7 | resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"] 8 | verbs: ['get', 'watch', 'list'] 9 | - apiGroups: ["extensions", "apps"] 10 | resources: ["replicasets"] 11 | verbs: ["get", "list", "watch"] 12 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | 
apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: istio-multi 5 | labels: 6 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: istio-reader 11 | subjects: 12 | - kind: ServiceAccount 13 | name: istio-multi 14 | namespace: {{ .Release.Namespace }} 15 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/templates/install-custom-resources.sh.tpl: -------------------------------------------------------------------------------- 1 | {{ define "install-custom-resources.sh.tpl" }} 2 | #!/bin/sh 3 | 4 | set -x 5 | 6 | if [ "$#" -ne "1" ]; then 7 | echo "first argument should be path to custom resource yaml" 8 | exit 1 9 | fi 10 | 11 | pathToResourceYAML=${1} 12 | 13 | kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null 14 | if [ "$?" -eq 0 ]; then 15 | echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready" 16 | while true; do 17 | kubectl -n {{ .Release.Namespace }} get deployment istio-galley 2>/dev/null 18 | if [ "$?" -eq 0 ]; then 19 | break 20 | fi 21 | sleep 1 22 | done 23 | kubectl -n {{ .Release.Namespace }} rollout status deployment istio-galley 24 | if [ "$?" 
-ne 0 ]; then 25 | echo "istio-galley deployment rollout status check failed" 26 | exit 1 27 | fi 28 | echo "istio-galley deployment ready for configuration validation" 29 | fi 30 | sleep 5 31 | kubectl apply -f ${pathToResourceYAML} 32 | {{ end }} 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: istio-multi 5 | namespace: {{ .Release.Namespace }} 6 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/templates/sidecar-injector-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.global.omitSidecarInjectorConfigMap }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: istio-sidecar-injector 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ template "istio.name" . }} 9 | chart: {{ template "istio.chart" . 
}} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | istio: sidecar-injector 13 | data: 14 | values: |- 15 | {{ .Values | toJson }} 16 | 17 | config: |- 18 | policy: {{ .Values.global.proxy.autoInject }} 19 | alwaysInjectSelector: 20 | {{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | indent 6 }} 21 | neverInjectSelector: 22 | {{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | indent 6 }} 23 | template: |- 24 | {{ .Files.Get "files/injection-template.yaml" | indent 6 }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/values-istio-minimal.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Minimal Istio Configuration: https://istio.io/docs/setup/kubernetes/minimal-install/ 3 | # 4 | pilot: 5 | enabled: true 6 | sidecar: false 7 | 8 | gateways: 9 | enabled: false 10 | 11 | security: 12 | enabled: false 13 | 14 | sidecarInjectorWebhook: 15 | enabled: false 16 | 17 | galley: 18 | enabled: false 19 | 20 | mixer: 21 | policy: 22 | enabled: false 23 | telemetry: 24 | enabled: false 25 | 26 | prometheus: 27 | enabled: false 28 | 29 | 30 | # Common settings. 31 | global: 32 | 33 | proxy: 34 | # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument 35 | # would be <host>:<port>). 36 | # Disabled by default. 37 | # The istio-statsd-prom-bridge is deprecated and should not be used moving forward. 38 | envoyStatsd: 39 | # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector. 
40 | enabled: false 41 | host: # example: statsd-svc.istio-system 42 | port: # example: 9125 43 | 44 | useMCP: false 45 | 46 | 47 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/values-istio-remote.yaml: -------------------------------------------------------------------------------- 1 | gateways: 2 | enabled: false 3 | 4 | galley: 5 | enabled: false 6 | 7 | mixer: 8 | policy: 9 | enabled: false 10 | telemetry: 11 | enabled: false 12 | 13 | pilot: 14 | enabled: false 15 | 16 | security: 17 | enabled: true 18 | createMeshPolicy: false 19 | 20 | prometheus: 21 | enabled: false 22 | 23 | global: 24 | istioRemote: true 25 | 26 | enableTracing: false 27 | 28 | # Sets an identifier for the remote network to be used for Split Horizon EDS. The network will be sent 29 | # to the Pilot when connected by the sidecar and will affect the results returned in EDS requests. 30 | # Based on the network identifier Pilot will return all local endpoints + endpoints of gateways to 31 | # other networks. 32 | # 33 | # Must match the names in the meshNetworks section in the Istio local. 34 | network: "" 35 | -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/helm/istio/values-istio-sds-auth.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | controlPlaneSecurityEnabled: false 3 | 4 | mtls: 5 | # Default setting for service-to-service mtls. Can be set explicitly using 6 | # destination rules or service annotations. 
7 | enabled: true 8 | 9 | sds: 10 | enabled: true 11 | udsPath: "unix:/var/run/sds/uds_path" 12 | useNormalJwt: true 13 | 14 | nodeagent: 15 | enabled: true 16 | image: node-agent-k8s 17 | env: 18 | CA_PROVIDER: "Citadel" 19 | CA_ADDR: "istio-citadel:8060" 20 | VALID_TOKEN: true -------------------------------------------------------------------------------- /student/istio-1.2.2/install/kubernetes/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: istio-system 5 | labels: 6 | istio-injection: disabled 7 | --- 8 | -------------------------------------------------------------------------------- /student/istio-1.2.2/istio.VERSION: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT THIS FILE MANUALLY instead use 2 | # install/updateVersion.sh (see install/README.md) 3 | export GALLEY_HUB="docker.io/istio" 4 | export GALLEY_TAG="1.2.2" 5 | export CITADEL_HUB="docker.io/istio" 6 | export CITADEL_TAG="1.2.2" 7 | export MIXER_HUB="docker.io/istio" 8 | export MIXER_TAG="1.2.2" 9 | export PILOT_HUB="docker.io/istio" 10 | export PILOT_TAG="1.2.2" 11 | export PROXY_HUB="docker.io/istio" 12 | export PROXY_TAG="1.2.2" 13 | export ISTIO_NAMESPACE="istio-system" 14 | export PILOT_DEBIAN_URL="https://storage.googleapis.com/istio-release/releases/1.2.2/deb" 15 | export FORTIO_HUB="docker.io/fortio" 16 | export FORTIO_TAG="latest_release" 17 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/README.md: -------------------------------------------------------------------------------- 1 | # Istio Samples 2 | 3 | This directory contains sample applications highlighting Istio's various 4 | features. To run these samples, check out the tutorials [here](https://istio.io/docs/guides/). 
5 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/README.md: -------------------------------------------------------------------------------- 1 | # Bookinfo Sample 2 | See https://istio.io/docs/examples/bookinfo/ 3 | 4 | ## Build docker images without pushing 5 | ``` 6 | src/build-services.sh 7 | ``` 8 | 9 | The bookinfo versions are different from Istio versions since the sample should work with any version of Istio. 10 | 11 | ## Update docker images in the yaml files 12 | ``` 13 | sed -i "s/\(istio\/examples-bookinfo-.*\):[[:digit:]]\.[[:digit:]]\.[[:digit:]]/<your docker image with tag>/g" */bookinfo*.yaml 14 | ``` 15 | 16 | ## Push docker images to docker hub 17 | One script to build the docker images, push them to docker hub and to update the yaml files 18 | ``` 19 | build_push_update_images.sh 20 | ``` 21 | 22 | ## Tests 23 | Bookinfo is tested by e2e smoke test on every PR. The Bookinfo e2e test is in [tests/e2e/tests/bookinfo](https://github.com/istio/istio/tree/master/tests/e2e/tests/bookinfo), make target `e2e_bookinfo`. 24 | 25 | The reference productpage HTML files are in [tests/apps/bookinfo/output](https://github.com/istio/istio/tree/master/tests/apps/bookinfo/output). If the productpage HTML produced by the app is changed, remember to regenerate the reference HTML files and commit them with the same PR. 
26 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/bookinfo-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: bookinfo-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway # use istio default controller 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "*" 15 | --- 16 | apiVersion: networking.istio.io/v1alpha3 17 | kind: VirtualService 18 | metadata: 19 | name: bookinfo 20 | spec: 21 | hosts: 22 | - "*" 23 | gateways: 24 | - bookinfo-gateway 25 | http: 26 | - match: 27 | - uri: 28 | exact: /productpage 29 | - uri: 30 | prefix: /static 31 | - uri: 32 | exact: /login 33 | - uri: 34 | exact: /logout 35 | - uri: 36 | prefix: /api/v1/products 37 | route: 38 | - destination: 39 | host: productpage 40 | port: 41 | number: 9080 42 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/certmanager-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: cert-manager-gateway 5 | namespace: istio-system 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | number: 80 12 | name: http 13 | protocol: HTTP 14 | hosts: 15 | - "*" 16 | --- 17 | apiVersion: networking.istio.io/v1alpha3 18 | kind: VirtualService 19 | metadata: 20 | name: cert-manager 21 | namespace: istio-system 22 | spec: 23 | hosts: 24 | - "*" 25 | gateways: 26 | - cert-manager-gateway 27 | http: 28 | - match: 29 | - uri: 30 | prefix: /.well-known/acme-challenge/ 31 | route: 32 | - destination: 33 | host: cert-manager-resolver 34 | port: 35 | number: 8089 36 | 
-------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/destination-rule-reviews.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: reviews 5 | spec: 6 | host: reviews 7 | trafficPolicy: 8 | loadBalancer: 9 | simple: RANDOM 10 | subsets: 11 | - name: v1 12 | labels: 13 | version: v1 14 | - name: v2 15 | labels: 16 | version: v2 17 | - name: v3 18 | labels: 19 | version: v3 20 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/egress-rule-google-apis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: ServiceEntry 3 | metadata: 4 | name: googleapis 5 | spec: 6 | hosts: 7 | - "*.googleapis.com" 8 | ports: 9 | - number: 443 10 | name: https 11 | protocol: http 12 | --- 13 | apiVersion: networking.istio.io/v1alpha3 14 | kind: DestinationRule 15 | metadata: 16 | name: googleapis 17 | spec: 18 | host: "*.googleapis.com" 19 | trafficPolicy: 20 | tls: 21 | mode: SIMPLE # initiates HTTPS when talking to hosts matching *.googleapis.com -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/fault-injection-details-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: details 5 | spec: 6 | hosts: 7 | - details 8 | http: 9 | - fault: 10 | abort: 11 | httpStatus: 555 12 | percent: 100 13 | route: 14 | - destination: 15 | host: details 16 | subset: v1 17 | - route: 18 | - destination: 19 | host: details 20 | subset: v1 21 | --- 22 | apiVersion: networking.istio.io/v1alpha3 23 | kind: DestinationRule 24 | metadata: 25 | name: 
details 26 | spec: 27 | host: details 28 | subsets: 29 | - name: v1 30 | labels: 31 | version: v1 -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/virtual-service-all-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: productpage 5 | spec: 6 | hosts: 7 | - productpage 8 | http: 9 | - route: 10 | - destination: 11 | host: productpage 12 | subset: v1 13 | --- 14 | apiVersion: networking.istio.io/v1alpha3 15 | kind: VirtualService 16 | metadata: 17 | name: reviews 18 | spec: 19 | hosts: 20 | - reviews 21 | http: 22 | - route: 23 | - destination: 24 | host: reviews 25 | subset: v1 26 | --- 27 | apiVersion: networking.istio.io/v1alpha3 28 | kind: VirtualService 29 | metadata: 30 | name: ratings 31 | spec: 32 | hosts: 33 | - ratings 34 | http: 35 | - route: 36 | - destination: 37 | host: ratings 38 | subset: v1 39 | --- 40 | apiVersion: networking.istio.io/v1alpha3 41 | kind: VirtualService 42 | metadata: 43 | name: details 44 | spec: 45 | hosts: 46 | - details 47 | http: 48 | - route: 49 | - destination: 50 | host: details 51 | subset: v1 52 | --- 53 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/virtual-service-details-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: details 5 | spec: 6 | hosts: 7 | - details 8 | http: 9 | - route: 10 | - destination: 11 | host: details 12 | subset: v2 13 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/virtual-service-ratings-db.yaml: -------------------------------------------------------------------------------- 1 | 
apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v3 13 | --- 14 | apiVersion: networking.istio.io/v1alpha3 15 | kind: VirtualService 16 | metadata: 17 | name: ratings 18 | spec: 19 | hosts: 20 | - ratings 21 | http: 22 | - route: 23 | - destination: 24 | host: ratings 25 | subset: v2 26 | --- 27 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/virtual-service-ratings-mysql-vm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v3 13 | --- 14 | apiVersion: networking.istio.io/v1alpha3 15 | kind: VirtualService 16 | metadata: 17 | name: ratings 18 | spec: 19 | hosts: 20 | - ratings 21 | http: 22 | - route: 23 | - destination: 24 | host: ratings 25 | subset: v2-mysql-vm 26 | --- 27 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/virtual-service-ratings-mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v3 13 | --- 14 | apiVersion: networking.istio.io/v1alpha3 15 | kind: VirtualService 16 | metadata: 17 | name: ratings 18 | spec: 19 | hosts: 20 | - ratings 21 | http: 22 | - route: 23 | - destination: 24 | host: ratings 25 | subset: v2-mysql 26 | --- 27 | -------------------------------------------------------------------------------- 
/student/istio-1.2.2/samples/bookinfo/networking/virtual-service-ratings-test-abort.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: ratings 5 | spec: 6 | hosts: 7 | - ratings 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | fault: 14 | abort: 15 | percentage: 16 | value: 100.0 17 | httpStatus: 500 18 | route: 19 | - destination: 20 | host: ratings 21 | subset: v1 22 | - route: 23 | - destination: 24 | host: ratings 25 | subset: v1 26 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: ratings 5 | spec: 6 | hosts: 7 | - ratings 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | fault: 14 | delay: 15 | percentage: 16 | value: 100.0 17 | fixedDelay: 7s 18 | route: 19 | - destination: 20 | host: ratings 21 | subset: v1 22 | - route: 23 | - destination: 24 | host: ratings 25 | subset: v1 26 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v1 13 | weight: 50 14 | - destination: 15 | host: reviews 16 | subset: v3 17 | weight: 50 18 | -------------------------------------------------------------------------------- 
/student/istio-1.2.2/samples/bookinfo/networking/virtual-service-reviews-80-20.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v1 13 | weight: 80 14 | - destination: 15 | host: reviews 16 | subset: v2 17 | weight: 20 18 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/virtual-service-reviews-90-10.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v1 13 | weight: 90 14 | - destination: 15 | host: reviews 16 | subset: v2 17 | weight: 10 18 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | route: 14 | - destination: 15 | host: reviews 16 | subset: v2 17 | - route: 18 | - destination: 19 | host: reviews 20 | subset: v3 21 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | 
hosts: 7 | - reviews 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | route: 14 | - destination: 15 | host: reviews 16 | subset: v2 17 | - route: 18 | - destination: 19 | host: reviews 20 | subset: v1 21 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/virtual-service-reviews-v2-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v2 13 | weight: 50 14 | - destination: 15 | host: reviews 16 | subset: v3 17 | weight: 50 18 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/networking/virtual-service-reviews-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v3 13 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/consul/destination-rule-all.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: productpage 5 | spec: 6 | host: productpage.service.consul 7 | subsets: 8 | - name: v1 9 | labels: 10 | version: v1 11 | --- 12 | apiVersion: networking.istio.io/v1alpha3 13 | kind: DestinationRule 14 | metadata: 15 | name: reviews 16 | spec: 17 | host: reviews.service.consul 18 | subsets: 19 | - name: v1 20 | labels: 21 | version: v1 22 | - name: v2 23 | labels: 24 | version: v2 25 | - name: v3 26 | 
labels: 27 | version: v3 28 | --- 29 | apiVersion: networking.istio.io/v1alpha3 30 | kind: DestinationRule 31 | metadata: 32 | name: ratings 33 | spec: 34 | host: ratings.service.consul 35 | subsets: 36 | - name: v1 37 | labels: 38 | version: v1 39 | --- 40 | apiVersion: networking.istio.io/v1alpha3 41 | kind: DestinationRule 42 | metadata: 43 | name: details 44 | spec: 45 | host: details.service.consul 46 | subsets: 47 | - name: v1 48 | labels: 49 | version: v1 50 | - name: v2 51 | labels: 52 | version: v2 53 | --- 54 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/consul/virtual-service-all-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: productpage 5 | spec: 6 | hosts: 7 | - productpage.service.consul 8 | http: 9 | - route: 10 | - destination: 11 | host: productpage.service.consul 12 | subset: v1 13 | --- 14 | apiVersion: networking.istio.io/v1alpha3 15 | kind: VirtualService 16 | metadata: 17 | name: reviews 18 | spec: 19 | hosts: 20 | - reviews.service.consul 21 | http: 22 | - route: 23 | - destination: 24 | host: reviews.service.consul 25 | subset: v1 26 | --- 27 | apiVersion: networking.istio.io/v1alpha3 28 | kind: VirtualService 29 | metadata: 30 | name: ratings 31 | spec: 32 | hosts: 33 | - ratings.service.consul 34 | http: 35 | - route: 36 | - destination: 37 | host: ratings.service.consul 38 | subset: v1 39 | --- 40 | apiVersion: networking.istio.io/v1alpha3 41 | kind: VirtualService 42 | metadata: 43 | name: details 44 | spec: 45 | hosts: 46 | - details.service.consul 47 | http: 48 | - route: 49 | - destination: 50 | host: details.service.consul 51 | subset: v1 52 | --- 53 | -------------------------------------------------------------------------------- 
/student/istio-1.2.2/samples/bookinfo/platform/consul/virtual-service-ratings-test-abort.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: ratings 5 | spec: 6 | hosts: 7 | - ratings.service.consul 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | fault: 14 | abort: 15 | percentage: 16 | value: 100.0 17 | httpStatus: 500 18 | route: 19 | - destination: 20 | host: ratings.service.consul 21 | subset: v1 22 | - route: 23 | - destination: 24 | host: ratings.service.consul 25 | subset: v1 26 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/consul/virtual-service-ratings-test-delay.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: ratings 5 | spec: 6 | hosts: 7 | - ratings.service.consul 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | fault: 14 | delay: 15 | percentage: 16 | value: 100.0 17 | fixedDelay: 7s 18 | route: 19 | - destination: 20 | host: ratings.service.consul 21 | subset: v1 22 | - route: 23 | - destination: 24 | host: ratings.service.consul 25 | subset: v1 26 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/consul/virtual-service-reviews-50-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews.service.consul 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews.service.consul 12 | subset: v1 13 | weight: 50 14 | - destination: 15 | host: reviews.service.consul 16 | subset: v3 17 | weight: 50 18 | 
-------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/consul/virtual-service-reviews-test-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews.service.consul 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | route: 14 | - destination: 15 | host: reviews.service.consul 16 | subset: v2 17 | - route: 18 | - destination: 19 | host: reviews.service.consul 20 | subset: v1 21 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/consul/virtual-service-reviews-v2-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews.service.consul 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews.service.consul 12 | subset: v2 13 | weight: 50 14 | - destination: 15 | host: reviews.service.consul 16 | subset: v3 17 | weight: 50 18 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/consul/virtual-service-reviews-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews.service.consul 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews.service.consul 12 | subset: v3 13 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/README.md: -------------------------------------------------------------------------------- 1 | See the [Bookinfo 
guide](https://istio.io/docs/guides/bookinfo.html) in Istio 2 | docs for instructions on how to run this demo application. 3 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/bookinfo-certificate.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: certmanager.k8s.io/v1alpha1 3 | kind: ClusterIssuer 4 | metadata: 5 | name: letsencrypt-staging 6 | namespace: istio-system 7 | spec: 8 | acme: 9 | # The ACME server URL 10 | server: https://acme-staging-v02.api.letsencrypt.org/directory 11 | # Email address used for ACME registration 12 | email: stage@istio.io 13 | # Name of a secret used to store the ACME account private key 14 | privateKeySecretRef: 15 | name: letsencrypt-staging 16 | # Enable the HTTP-01 challenge provider 17 | http01: {} 18 | --- 19 | apiVersion: certmanager.k8s.io/v1alpha1 20 | kind: Certificate 21 | metadata: 22 | name: istio-ingressgateway-certs 23 | namespace: istio-system 24 | spec: 25 | secretName: istio-ingressgateway-certs 26 | issuerRef: 27 | name: letsencrypt-staging 28 | kind: ClusterIssuer 29 | commonName: bookinfo.example.com 30 | dnsNames: 31 | - bookinfo.example.com 32 | acme: 33 | config: 34 | - http01: 35 | ingressClass: none 36 | domains: 37 | - bookinfo.example.com 38 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/bookinfo-ratings-discovery.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2017 Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | ################################################################################################## 16 | # Ratings service 17 | ################################################################################################## 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: ratings 22 | labels: 23 | app: ratings 24 | spec: 25 | ports: 26 | - port: 9080 27 | name: http 28 | selector: 29 | app: ratings 30 | --- 31 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/productpage-nodeport.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2017 Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | ################################################################################################## 16 | # Productpage services 17 | ################################################################################################## 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: productpage 22 | labels: 23 | app: productpage 24 | service: productpage 25 | spec: 26 | type: NodePort # NodePort opens this port on every node's address; NOTE(review): traffic arriving that way presumably bypasses the Istio ingress gateway, so rules attached to the gateway would not apply to it — confirm 27 | ports: 28 | - port: 9080 29 | name: http 30 | selector: 31 | app: productpage 32 | --- 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/rbac/details-reviews-policy-permissive.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ServiceRole 3 | metadata: 4 | name: details-reviews-viewer 5 | namespace: default 6 | spec: 7 | rules: 8 | - services: ["details.default.svc.cluster.local", "reviews.default.svc.cluster.local"] 9 | methods: ["GET"] 10 | --- 11 | apiVersion: "rbac.istio.io/v1alpha1" 12 | kind: ServiceRoleBinding 13 | metadata: 14 | name: bind-details-reviews 15 | namespace: default 16 | spec: 17 | subjects: 18 | - user: "cluster.local/ns/default/sa/bookinfo-productpage" 19 | roleRef: 20 | kind: ServiceRole 21 | name: "details-reviews-viewer" 22 | mode: PERMISSIVE # permissive binding: the policy is evaluated and its result logged, but it is not enforced; details-reviews-policy.yaml is the same pair without this line 23 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/rbac/details-reviews-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ServiceRole 3 | metadata: 4 | name: details-reviews-viewer 5 | namespace: default 6 | spec: 7 | rules: 8 | - services: ["details.default.svc.cluster.local", "reviews.default.svc.cluster.local"] 9 | methods: ["GET"] 10 | --- 11 | apiVersion: "rbac.istio.io/v1alpha1" 12 | kind: ServiceRoleBinding 13 | metadata: 14 | name: 
bind-details-reviews 15 | namespace: default 16 | spec: 17 | subjects: 18 | - user: "cluster.local/ns/default/sa/bookinfo-productpage" 19 | roleRef: 20 | kind: ServiceRole 21 | name: "details-reviews-viewer" 22 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/rbac/mongodb-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ServiceRole 3 | metadata: 4 | name: mongodb-viewer 5 | namespace: default 6 | spec: 7 | rules: 8 | - services: ["mongodb.default.svc.cluster.local"] 9 | constraints: 10 | - key: "destination.port" 11 | values: ["27017"] 12 | --- 13 | apiVersion: "rbac.istio.io/v1alpha1" 14 | kind: ServiceRoleBinding 15 | metadata: 16 | name: bind-mongodb-viewer 17 | namespace: default 18 | spec: 19 | subjects: 20 | - user: "cluster.local/ns/default/sa/bookinfo-ratings-v2" 21 | roleRef: 22 | kind: ServiceRole 23 | name: "mongodb-viewer" 24 | --- 25 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/rbac/namespace-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ServiceRole 3 | metadata: 4 | name: service-viewer 5 | namespace: default 6 | spec: 7 | rules: 8 | - services: ["*"] 9 | methods: ["GET"] 10 | constraints: 11 | - key: "destination.labels[app]" 12 | values: ["productpage", "details", "reviews", "ratings"] 13 | --- 14 | apiVersion: "rbac.istio.io/v1alpha1" 15 | kind: ServiceRoleBinding 16 | metadata: 17 | name: bind-service-viewer 18 | namespace: default 19 | spec: 20 | subjects: 21 | - properties: 22 | source.namespace: "istio-system" 23 | - properties: 24 | source.namespace: "default" 25 | roleRef: 26 | kind: ServiceRole 27 | name: "service-viewer" 28 | 
-------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/rbac/productpage-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ServiceRole 3 | metadata: 4 | name: productpage-viewer 5 | namespace: default 6 | spec: 7 | rules: 8 | - services: ["productpage.default.svc.cluster.local"] 9 | methods: ["GET"] 10 | --- 11 | apiVersion: "rbac.istio.io/v1alpha1" 12 | kind: ServiceRoleBinding 13 | metadata: 14 | name: bind-productpage-viewer 15 | namespace: default 16 | spec: 17 | subjects: 18 | - user: "*" # "*" binds productpage-viewer to every caller, authenticated or not; the ratings binding in ratings-policy.yaml names one service account instead 19 | roleRef: 20 | kind: ServiceRole 21 | name: "productpage-viewer" 22 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/rbac/ratings-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ServiceRole 3 | metadata: 4 | name: ratings-viewer 5 | namespace: default 6 | spec: 7 | rules: 8 | - services: ["ratings.default.svc.cluster.local"] 9 | methods: ["GET"] 10 | --- 11 | apiVersion: "rbac.istio.io/v1alpha1" 12 | kind: ServiceRoleBinding 13 | metadata: 14 | name: bind-ratings 15 | namespace: default 16 | spec: 17 | subjects: 18 | - user: "cluster.local/ns/default/sa/bookinfo-reviews" # service-account identity; NOTE(review): presumably taken from the caller's mutual-TLS certificate, so this subject needs mTLS between the workloads — confirm 19 | roleRef: 20 | kind: ServiceRole 21 | name: "ratings-viewer" 22 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/rbac/rbac-config-ON.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ClusterRbacConfig 3 | metadata: 4 | name: default 5 | spec: 6 | mode: 'ON_WITH_INCLUSION' # authorization is enforced only for what is listed under inclusion; workloads outside it are not covered by these policies 7 | inclusion: 8 | namespaces: ["default"] 9 | 
-------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/rbac/rbac-config-on-mongodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ClusterRbacConfig 3 | metadata: 4 | name: default # same kind and name as the other rbac-config-*.yaml samples, so applying one of them replaces the settings of another 5 | spec: 6 | mode: 'ON_WITH_INCLUSION' 7 | inclusion: 8 | services: ["mongodb.default.svc.cluster.local"] # enforcement is limited to this one service 9 | --- 10 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/platform/kube/rbac/rbac-config-on-permissive.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: ClusterRbacConfig 3 | metadata: 4 | name: default 5 | spec: 6 | mode: 'ON_WITH_INCLUSION' 7 | inclusion: 8 | namespaces: ["default"] 9 | enforcement_mode: PERMISSIVE # permissive: policies are evaluated and logged but requests are not rejected; a dry-run setting, not protection 10 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/policy/mixer-rule-deny-ip-crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.istio.io/v1alpha2 2 | kind: listchecker 3 | metadata: 4 | name: whitelistip 5 | spec: 6 | # providerUrl: ordinarily black and white lists are maintained 7 | # externally and fetched asynchronously using the providerUrl. 
8 | overrides: ["10.57.0.0/16"] # overrides provide a static list 9 | blacklist: false 10 | entryType: IP_ADDRESSES 11 | --- 12 | apiVersion: config.istio.io/v1alpha2 13 | kind: listentry 14 | metadata: 15 | name: sourceip 16 | spec: 17 | value: source.ip | ip("0.0.0.0") 18 | --- 19 | apiVersion: config.istio.io/v1alpha2 20 | kind: rule 21 | metadata: 22 | name: checkip 23 | spec: 24 | match: source.labels["istio"] == "ingressgateway" 25 | actions: 26 | - handler: whitelistip.listchecker 27 | instances: 28 | - sourceip.listentry 29 | --- 30 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/policy/mixer-rule-deny-ip.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.istio.io/v1alpha2 2 | kind: handler 3 | metadata: 4 | name: whitelistip 5 | spec: 6 | compiledAdapter: listchecker 7 | params: 8 | # providerUrl: ordinarily black and white lists are maintained 9 | # externally and fetched asynchronously using the providerUrl. 
10 | overrides: ["10.57.0.0/16"] # overrides provide a static list 11 | blacklist: false 12 | entryType: IP_ADDRESSES 13 | --- 14 | apiVersion: config.istio.io/v1alpha2 15 | kind: instance 16 | metadata: 17 | name: sourceip 18 | spec: 19 | compiledTemplate: listentry 20 | params: 21 | value: source.ip | ip("0.0.0.0") 22 | --- 23 | apiVersion: config.istio.io/v1alpha2 24 | kind: rule 25 | metadata: 26 | name: checkip 27 | spec: 28 | match: source.labels["istio"] == "ingressgateway" 29 | actions: 30 | - handler: whitelistip 31 | instances: [ sourceip ] 32 | --- 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/policy/mixer-rule-deny-label-crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "config.istio.io/v1alpha2" 2 | kind: denier 3 | metadata: 4 | name: denyreviewsv3handler 5 | spec: 6 | status: 7 | code: 7 8 | message: Not allowed 9 | --- 10 | apiVersion: "config.istio.io/v1alpha2" 11 | kind: checknothing 12 | metadata: 13 | name: denyreviewsv3request 14 | spec: 15 | --- 16 | apiVersion: "config.istio.io/v1alpha2" 17 | kind: rule 18 | metadata: 19 | name: denyreviewsv3 20 | spec: 21 | match: destination.labels["app"] == "ratings" && source.labels["app"]=="reviews" && source.labels["version"] == "v3" 22 | actions: 23 | - handler: denyreviewsv3handler.denier 24 | instances: [ denyreviewsv3request.checknothing ] 25 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/policy/mixer-rule-deny-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "config.istio.io/v1alpha2" 2 | kind: handler 3 | metadata: 4 | name: denyreviewsv3handler 5 | spec: 6 | compiledAdapter: denier 7 | params: 8 | status: 9 | code: 7 10 | message: Not allowed 11 | --- 12 | apiVersion: "config.istio.io/v1alpha2" 13 | kind: instance 14 | metadata: 15 
| name: denyreviewsv3request 16 | spec: 17 | compiledTemplate: checknothing 18 | --- 19 | apiVersion: "config.istio.io/v1alpha2" 20 | kind: rule 21 | metadata: 22 | name: denyreviewsv3 23 | spec: 24 | match: destination.labels["app"] == "ratings" && source.labels["app"]=="reviews" && source.labels["version"] == "v3" 25 | actions: 26 | - handler: denyreviewsv3handler 27 | instances: [ denyreviewsv3request ] 28 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/policy/mixer-rule-deny-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "config.istio.io/v1alpha2" 2 | kind: handler 3 | metadata: 4 | name: denyproductpagehandler 5 | spec: 6 | compiledAdapter: denier 7 | params: 8 | status: 9 | code: 7 10 | message: Not allowed 11 | --- 12 | apiVersion: "config.istio.io/v1alpha2" 13 | kind: instance 14 | metadata: 15 | name: denyproductpagerequest 16 | spec: 17 | compiledTemplate: checknothing 18 | --- 19 | apiVersion: "config.istio.io/v1alpha2" 20 | kind: rule 21 | metadata: 22 | name: denyproductpage 23 | spec: 24 | match: destination.labels["app"] == "details" && source.user == "cluster.local/ns/default/sa/bookinfo-productpage" 25 | actions: 26 | - handler: denyproductpagehandler 27 | instances: [ denyproductpagerequest ] 28 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/policy/mixer-rule-deny-whitelist-crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.istio.io/v1alpha2 2 | kind: listchecker 3 | metadata: 4 | name: whitelist 5 | spec: 6 | # providerUrl: ordinarily black and white lists are maintained 7 | # externally and fetched asynchronously using the providerUrl. 
8 | overrides: ["v1", "v2"] # overrides provide a static list 9 | blacklist: false 10 | --- 11 | apiVersion: config.istio.io/v1alpha2 12 | kind: listentry 13 | metadata: 14 | name: appversion 15 | spec: 16 | value: source.labels["version"] 17 | --- 18 | apiVersion: config.istio.io/v1alpha2 19 | kind: rule 20 | metadata: 21 | name: checkversion 22 | spec: 23 | match: destination.labels["app"] == "ratings" 24 | actions: 25 | - handler: whitelist.listchecker 26 | instances: 27 | - appversion.listentry 28 | --- 29 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/policy/mixer-rule-deny-whitelist.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.istio.io/v1alpha2 2 | kind: handler 3 | metadata: 4 | name: whitelist 5 | spec: 6 | compiledAdapter: listchecker 7 | params: 8 | # providerUrl: ordinarily black and white lists are maintained 9 | # externally and fetched asynchronously using the providerUrl. 
10 | overrides: ["v1", "v2"] # overrides provide a static list 11 | blacklist: false 12 | --- 13 | apiVersion: config.istio.io/v1alpha2 14 | kind: instance 15 | metadata: 16 | name: appversion 17 | spec: 18 | compiledTemplate: listentry 19 | params: 20 | value: source.labels["version"] 21 | --- 22 | apiVersion: config.istio.io/v1alpha2 23 | kind: rule 24 | metadata: 25 | name: checkversion 26 | spec: 27 | match: destination.labels["app"] == "ratings" 28 | actions: 29 | - handler: whitelist 30 | instances: [ appversion ] 31 | --- 32 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/policy/mixer-rule-ingress-denial.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "config.istio.io/v1alpha2" 2 | kind: handler 3 | metadata: 4 | name: handler 5 | namespace: istio-system 6 | spec: 7 | compiledAdapter: denier 8 | params: 9 | status: 10 | code: 7 11 | message: Not allowed 12 | --- 13 | apiVersion: "config.istio.io/v1alpha2" 14 | kind: instance 15 | metadata: 16 | name: denyrequest 17 | namespace: istio-system 18 | spec: 19 | compiledTemplate: checknothing 20 | --- 21 | apiVersion: "config.istio.io/v1alpha2" 22 | kind: rule 23 | metadata: 24 | name: denyingress 25 | namespace: istio-system 26 | spec: 27 | match: (source.labels["istio"] | "") == "ingressgateway" && (request.headers["x-user"] | "") == "john" 28 | actions: 29 | - handler: handler 30 | instances: [ denyrequest ] 31 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/policy/mixer-rule-ratings-denial.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "config.istio.io/v1alpha2" 2 | kind: handler 3 | metadata: 4 | name: denierhandler 5 | namespace: istio-system 6 | spec: 7 | compiledAdapter: denier 8 | params: 9 | status: 10 | code: 7 11 | message: Not allowed 12 | --- 13 | 
apiVersion: "config.istio.io/v1alpha2" 14 | kind: instance 15 | metadata: 16 | name: denyrequest 17 | namespace: istio-system 18 | spec: 19 | compiledTemplate: checknothing 20 | --- 21 | apiVersion: "config.istio.io/v1alpha2" 22 | kind: rule 23 | metadata: 24 | name: denyreviewsv3 25 | namespace: istio-system 26 | spec: 27 | #FIXME match: destination.labels["app"]=="productpage" && request.headers["x-user"] == "" 28 | match: (request.headers["x-user"] | "") == "john" # NOTE(review): despite the rule name, this matches only on the x-user request header; the caller sets that header, so read this as a demo of the denier adapter, not as access control 29 | actions: 30 | - handler: denierhandler 31 | instances: [ denyrequest ] 32 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/policy/prometheus-adapter-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: prometheusadapter 5 | namespace: istio-system 6 | labels: 7 | app: prometheusadapter 8 | spec: 9 | ports: 10 | - name: http 11 | port: 8080 12 | - name: prometheus 13 | port: 42422 14 | selector: 15 | app: prometheusadapter 16 | --- 17 | apiVersion: extensions/v1beta1 18 | kind: Deployment 19 | metadata: 20 | name: prometheusadapter 21 | namespace: istio-system 22 | spec: 23 | replicas: 1 24 | template: 25 | metadata: 26 | labels: 27 | app: prometheusadapter 28 | version: v1 29 | annotations: 30 | prometheus.io/scrape: "true" 31 | prometheus.io/port: "42422" 32 | spec: 33 | containers: 34 | - image: gcr.io/istio-testing/prometheusadapter:release-1.1 # tag, not a digest, from a registry path named istio-testing; with imagePullPolicy Always the content can change between pod starts — pin by digest before reuse outside the lab 35 | imagePullPolicy: Always 36 | name: prometheusadapter 37 | ports: 38 | - containerPort: 8080 39 | - containerPort: 42422 40 | --- 41 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/src/mongodb/ratings_data.json: -------------------------------------------------------------------------------- 1 | {rating: 5} 2 | {rating: 4} 3 | 
-------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/src/productpage/requirements.txt: -------------------------------------------------------------------------------- 1 | certifi==2019.3.9 2 | chardet==3.0.4 3 | Click==7.0 4 | contextlib2==0.5.5 5 | dominate==2.3.5 6 | Flask==1.0.2 7 | Flask-Bootstrap==3.3.7.1 8 | Flask-JSON==0.3.3 9 | future==0.17.1 10 | futures==3.1.1 11 | gevent==1.3.0 12 | greenlet==0.4.15 13 | idna==2.8 14 | itsdangerous==1.1.0 15 | jaeger-client==3.13.0 16 | Jinja2==2.10 17 | json2html==1.2.1 18 | MarkupSafe==0.23 19 | nose==1.3.7 20 | opentracing==1.2.2 21 | opentracing-instrumentation==2.4.3 22 | requests==2.21.0 23 | simplejson==3.16.0 24 | six==1.12.0 25 | threadloop==1.0.2 26 | thrift==0.11.0 27 | tornado==4.5.3 28 | urllib3==1.24.2 29 | visitor==0.1.3 30 | Werkzeug==0.14.1 31 | wrapt==1.11.1 32 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/src/productpage/test-requirements.txt: -------------------------------------------------------------------------------- 1 | requests-mock==1.5.2 2 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/bookinfo/src/ratings/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "scripts": { 3 | "start": "node ratings.js" 4 | }, 5 | "dependencies": { 6 | "httpdispatcher": "1.0.0", 7 | "mongodb": "^2.2.31", 8 | "mysql": "^2.15.0" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/custom-bootstrap/custom-bootstrap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: istio-custom-bootstrap-config 5 | namespace: default 6 | data: 7 | custom_bootstrap.json: | 8 | { 9 | "tracing": { 10 | 
"http": { 11 | "name": "envoy.zipkin", 12 | "config": { 13 | "collector_cluster": "zipkin", 14 | "collector_endpoint": "/api/v1/spans/custom", 15 | "trace_id_128bit": "true" 16 | } 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/custom-bootstrap/example-app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: helloworld-v1 5 | spec: 6 | replicas: 1 7 | template: 8 | metadata: 9 | annotations: 10 | sidecar.istio.io/bootstrapOverride: "istio-custom-bootstrap-config" 11 | labels: 12 | app: helloworld 13 | version: v1 14 | spec: 15 | containers: 16 | - name: helloworld 17 | image: istio/examples-helloworld-v1 18 | resources: 19 | requests: 20 | cpu: "100m" 21 | imagePullPolicy: IfNotPresent 22 | ports: 23 | - containerPort: 5000 24 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/external/aptget.yaml: -------------------------------------------------------------------------------- 1 | # This ServiceEntry exposes the hosts needed for installing packages with apt-get. 2 | # After applying this file, Istio-enabled pods (configured apt-get) be able to execute 3 | # `apt-get upgrade` and `apt-get install`. 
If this is not installed you may get 4 | # "404 Not Found" 5 | 6 | apiVersion: networking.istio.io/v1alpha3 7 | kind: ServiceEntry 8 | metadata: 9 | name: make-aptget-work 10 | spec: 11 | hosts: 12 | - deb.debian.org 13 | - cdn-fastly.deb.debian.org 14 | - security.debian.org 15 | - archive.ubuntu.com 16 | - security.ubuntu.com 17 | ports: 18 | - number: 80 19 | name: http 20 | protocol: HTTP # plain HTTP on port 80: the fetch itself is unencrypted, so package integrity relies on apt verifying the repository's signed metadata 21 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/external/pypi.yaml: -------------------------------------------------------------------------------- 1 | # This ServiceEntry exposes the hosts needed for Python `pip`. 2 | # After applying this file, Istio-enabled pods will be able to execute 3 | # `pip search istio`. 4 | 5 | # HTTP and TLS, the host must be specified 6 | # See https://istio.io/docs/tasks/traffic-management/egress/ 7 | 8 | apiVersion: networking.istio.io/v1alpha3 9 | kind: ServiceEntry 10 | metadata: 11 | name: python-https 12 | spec: 13 | hosts: 14 | - pypi.python.org 15 | ports: 16 | - number: 443 17 | name: https 18 | protocol: HTTPS 19 | --- 20 | # pypi.python.org may 301 redirect to pypi.org, so we need this too. 
21 | apiVersion: networking.istio.io/v1alpha3 22 | kind: ServiceEntry 23 | metadata: 24 | name: pypi-https 25 | spec: 26 | hosts: 27 | - pypi.org 28 | ports: 29 | - number: 443 30 | name: https 31 | protocol: HTTPS 32 | --- 33 | # pip install may fetch files from files.pythonhosted.org 34 | apiVersion: networking.istio.io/v1alpha3 35 | kind: ServiceEntry 36 | metadata: 37 | name: pythonhosted-https 38 | spec: 39 | hosts: 40 | - files.pythonhosted.org 41 | ports: 42 | - number: 443 43 | name: https 44 | protocol: HTTPS 45 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/health-check/liveness-http-same-port.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: liveness-http 5 | labels: 6 | app: liveness-http 7 | spec: 8 | ports: 9 | - name: http 10 | port: 8001 11 | selector: 12 | app: liveness-http 13 | --- 14 | apiVersion: extensions/v1beta1 15 | kind: Deployment 16 | metadata: 17 | name: liveness-http 18 | spec: 19 | template: 20 | metadata: 21 | labels: 22 | app: liveness-http 23 | version: v1 24 | spec: 25 | containers: 26 | - name: liveness-http 27 | image: docker.io/istio/health:example 28 | ports: 29 | - containerPort: 8001 30 | livenessProbe: 31 | httpGet: 32 | path: /foo 33 | port: 8001 34 | initialDelaySeconds: 5 35 | periodSeconds: 5 36 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/health-check/liveness-http.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: liveness-http 5 | labels: 6 | app: liveness-http 7 | spec: 8 | ports: 9 | - name: http 10 | port: 8001 11 | selector: 12 | app: liveness-http 13 | --- 14 | apiVersion: extensions/v1beta1 15 | kind: Deployment 16 | metadata: 17 | name: liveness-http 18 | spec: 19 | template: 20 | 
metadata: 21 | labels: 22 | app: liveness-http 23 | version: v1 24 | spec: 25 | containers: 26 | - name: liveness-http 27 | image: docker.io/istio/health:example 28 | ports: 29 | - containerPort: 8001 30 | livenessProbe: 31 | httpGet: 32 | path: /foo 33 | port: 8002 34 | initialDelaySeconds: 5 35 | periodSeconds: 5 36 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/helloworld/helloworld-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: helloworld-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway # use istio default controller 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "*" 15 | --- 16 | apiVersion: networking.istio.io/v1alpha3 17 | kind: VirtualService 18 | metadata: 19 | name: helloworld 20 | spec: 21 | hosts: 22 | - "*" 23 | gateways: 24 | - helloworld-gateway 25 | http: 26 | - match: 27 | - uri: 28 | exact: /hello 29 | route: 30 | - destination: 31 | host: helloworld 32 | port: 33 | number: 5000 34 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/helloworld/src/requirements.txt: -------------------------------------------------------------------------------- 1 | requests 2 | flask 3 | flask_json 4 | flask_bootstrap 5 | json2html 6 | simplejson 7 | gevent 8 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/httpbin/httpbin-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: httpbin-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "*" 15 | --- 16 | apiVersion: 
networking.istio.io/v1alpha3 17 | kind: VirtualService 18 | metadata: 19 | name: httpbin 20 | spec: 21 | hosts: 22 | - "*" 23 | gateways: 24 | - httpbin-gateway 25 | http: 26 | - match: 27 | route: 28 | - destination: 29 | host: httpbin 30 | port: 31 | number: 8000 32 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/httpbin/policy/keyval.yaml: -------------------------------------------------------------------------------- 1 | # this config is created through command 2 | # mixgen adapter -c $GOPATH/src/istio.io/istio/mixer/test/keyval/config.proto_descriptor -o $GOPATH/src/istio.io/istio/mixer/test/keyval -s=false -n keyval -t keyval 3 | apiVersion: "config.istio.io/v1alpha2" 4 | kind: adapter 5 | metadata: 6 | name: keyval 7 | namespace: istio-system 8 | spec: 9 | description: 10 | session_based: false 11 | templates: 12 | - keyval 13 | config: CsgCCh5taXhlci90ZXN0L2tleXZhbC9jb25maWcucHJvdG8SBmtleXZhbCJzCgZQYXJhbXMSLwoFdGFibGUYASADKAsyGS5rZXl2YWwuUGFyYW1zLlRhYmxlRW50cnlSBXRhYmxlGjgKClRhYmxlRW50cnkSEAoDa2V5GAEgASgJUgNrZXkSFAoFdmFsdWUYAiABKAlSBXZhbHVlOgI4AUqgAQoGEgQAAAgBCggKAQwSAwAAEgoICgECEgMCCA4KIAoCBAASBAUACAEaFCBBZGFwdGVyIHBhcmFtZXRlcnMKCgoKAwQAARIDBQgOChsKBAQAAgASAwcCIBoOIExvb2t1cCB0YWJsZQoKDQoFBAACAAQSBAcCBRAKDAoFBAACAAYSAwcCFQoMCgUEAAIAARIDBxYbCgwKBQQAAgADEgMHHh9iBnByb3RvMw== 14 | --- 15 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/httpbin/sample-client/fortio-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: fortio 5 | labels: 6 | app: fortio 7 | spec: 8 | ports: 9 | - port: 8080 10 | name: http 11 | selector: 12 | app: fortio 13 | --- 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | metadata: 17 | name: fortio-deploy 18 | spec: 19 | replicas: 1 20 | selector: 21 | matchLabels: 22 | app: fortio 23 | template: 24 | metadata: 
25 | annotations: 26 | # This annotation causes Envoy to serve cluster.outbound statistics via 15000/stats 27 | # in addition to the stats normally served by Istio. The Circuit Breaking example task 28 | # gives an example of inspecting Envoy stats. 29 | sidecar.istio.io/statsInclusionPrefixes: cluster.outbound,cluster_manager,listener_manager,http_mixer_filter,tcp_mixer_filter,server,cluster.xds-grpc 30 | labels: 31 | app: fortio 32 | spec: 33 | containers: 34 | - name: fortio 35 | image: fortio/fortio:latest_release # floating tag combined with imagePullPolicy Always: the image can change between pod starts; pin a version or digest for repeatable runs 36 | imagePullPolicy: Always 37 | ports: 38 | - containerPort: 8080 39 | name: http-fortio 40 | - containerPort: 8079 41 | name: grpc-ping 42 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/https/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443 ssl; # no ssl_protocols or ssl_ciphers directive in this block, so TLS versions and ciphers are whatever this nginx build defaults to 3 | 4 | root /usr/share/nginx/html; 5 | index index.html; 6 | 7 | server_name localhost; 8 | ssl_certificate /etc/nginx/ssl/tls.crt; 9 | ssl_certificate_key /etc/nginx/ssl/tls.key; 10 | } 11 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/https/nginx-app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-nginx 5 | labels: 6 | app: nginx 7 | spec: 8 | type: NodePort 9 | ports: 10 | - port: 443 11 | name: https 12 | selector: 13 | app: nginx 14 | --- 15 | apiVersion: v1 16 | kind: ReplicationController 17 | metadata: 18 | name: my-nginx 19 | spec: 20 | replicas: 1 21 | template: 22 | metadata: 23 | labels: 24 | app: nginx 25 | spec: 26 | volumes: 27 | - name: secret-volume 28 | secret: 29 | secretName: nginxsecret 30 | - name: configmap-volume 31 | configMap: 32 | name: nginxconfigmap 33 | containers: 34 | - name: nginxhttps 35 | image: ymqytw/nginxhttps:1.5 # image from a namespace other than istio/, and it is given the TLS key from nginxsecret; NOTE(review): check its provenance before reusing this outside the lab 36 | command: ["/home/auto-reload-nginx.sh"] 37 | 
ports: 38 | - containerPort: 443 39 | volumeMounts: 40 | - mountPath: /etc/nginx/ssl 41 | name: secret-volume 42 | - mountPath: /etc/nginx/conf.d 43 | name: configmap-volume 44 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/sleep/policy/sni-wikipedia.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.istio.io/v1alpha2 2 | kind: handler 3 | metadata: 4 | name: wikipedia-checker 5 | namespace: istio-system 6 | spec: 7 | compiledAdapter: listchecker 8 | params: 9 | overrides: ["en.wikipedia.org"] # overrides provide a static list 10 | blacklist: true 11 | --- 12 | apiVersion: config.istio.io/v1alpha2 13 | kind: instance 14 | metadata: 15 | name: requested-server-name 16 | namespace: istio-system 17 | spec: 18 | compiledTemplate: listentry 19 | params: 20 | value: connection.requested_server_name 21 | --- 22 | # Rule to check access to *.wikipedia.org 23 | apiVersion: config.istio.io/v1alpha2 24 | kind: rule 25 | metadata: 26 | name: check-wikipedia-access 27 | namespace: istio-system 28 | spec: 29 | match: source.labels["app"] == "istio-egressgateway-with-sni-proxy" && destination.labels["app"] == "" 30 | actions: 31 | - handler: wikipedia-checker 32 | instances: [ requested-server-name ] 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/tcp-echo/tcp-echo-20-v2.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: networking.istio.io/v1alpha3 16 | kind: VirtualService 17 | metadata: 18 | name: tcp-echo 19 | spec: 20 | hosts: 21 | - "*" 22 | gateways: 23 | - tcp-echo-gateway 24 | tcp: 25 | - match: 26 | - port: 31400 27 | route: 28 | - destination: 29 | host: tcp-echo 30 | port: 31 | number: 9000 32 | subset: v1 33 | weight: 80 34 | - destination: 35 | host: tcp-echo 36 | port: 37 | number: 9000 38 | subset: v2 39 | weight: 20 40 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/websockets/app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: tornado 5 | labels: 6 | app: tornado 7 | spec: 8 | ports: 9 | - port: 8888 10 | name: http 11 | selector: 12 | app: tornado 13 | --- 14 | apiVersion: extensions/v1beta1 15 | kind: Deployment 16 | metadata: 17 | name: tornado 18 | spec: 19 | replicas: 1 20 | template: 21 | metadata: 22 | labels: 23 | app: tornado 24 | version: v1 25 | spec: 26 | containers: 27 | - name: tornado 28 | image: hiroakis/tornado-websocket-example 29 | imagePullPolicy: IfNotPresent 30 | ports: 31 | - containerPort: 8888 32 | --- 33 | -------------------------------------------------------------------------------- /student/istio-1.2.2/samples/websockets/route.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: tornado-gateway 
5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "*" 15 | --- 16 | apiVersion: networking.istio.io/v1alpha3 17 | kind: VirtualService 18 | metadata: 19 | name: tornado 20 | spec: 21 | hosts: 22 | - "*" 23 | gateways: 24 | - tornado-gateway 25 | http: 26 | - match: 27 | - uri: 28 | prefix: / 29 | route: 30 | - destination: 31 | host: tornado 32 | weight: 100 33 | websocketUpgrade: true 34 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/cache_buster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "config.istio.io/v1alpha2" 2 | kind: denier 3 | metadata: 4 | name: denyall 5 | spec: 6 | status: 7 | code: 7 8 | message: Not allowed 9 | --- 10 | apiVersion: "config.istio.io/v1alpha2" 11 | kind: checknothing 12 | metadata: 13 | name: denyrequest 14 | spec: 15 | --- 16 | apiVersion: "config.istio.io/v1alpha2" 17 | kind: rule 18 | metadata: 19 | name: mixercachebuster 20 | spec: 21 | # one direction 1->2 will use the cache, while 2->1 will not use the cache. 22 | # TODO: parametrize the namespace of find a way to get short names to work: 23 | # TODO: this appears to always bust the cache, even if dest is echosrv1 ! 24 | match: destination.service == "echosrv1.istio.svc.cluster.local" && request.headers["x-request-id"] == "foo" 25 | # test that denial does work 26 | # match: destination.service == "echosrv1.istio.svc.cluster.local" && request.headers["x-forwarded-proto"] == "http" && source.service == "echosrv2.istio.svc.cluster.local" 27 | actions: 28 | # handler and instance names default to the rule's namespace. 
29 | - handler: denyall.denier 30 | instances: 31 | - denyrequest.checknothing 32 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/checker/envvarlinter/README.md: -------------------------------------------------------------------------------- 1 | # envvarlinter 2 | 3 | envvarlinter ensures that non-test files don't use os.Getenv and os.LookupEnv and instead use the functions from pkg/env. 4 | 5 | envvarlinter is based on [Checker](../README.md), and this package provides the [custom rules](rules) implementation. 6 | 7 | # Whitelist 8 | 9 | If, for some reason, you want to disable a lint rule for a file, you can add the file path and rule ID in 10 | [whitelist.go](whitelist.go). The rule ID is the name of that rule file without the `.go` extension. 11 | You can also specify the file path as a regex. 12 | 13 | If you want to disable all rules for a file path, you can specify `*` as the ID. 14 | 15 | Example: 16 | ```go 17 | var Whitelist = map[string][]string{ 18 | "/istio/mixer/pkg/*": {"skip_issue", "short_skip"}, 19 | "/istio/pilot/pkg/simply_test.go": {"*"}, 20 | } 21 | ``` 22 | 23 | # Running testlinter 24 | 25 | There are two ways to run this linter. 26 | ```bash 27 | go install 28 | testlinter 29 | ``` 30 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/checker/envvarlinter/testdata/envuse.go: -------------------------------------------------------------------------------- 1 | package testdata 2 | 3 | import "os" 4 | 5 | func Envuse() { 6 | _ = os.Getenv("DONTDOIT") 7 | _, _ = os.LookupEnv("ANDDONTDOTHISEITHER") 8 | } 9 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/checker/envvarlinter/whitelist.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors. All Rights Reserved. 
2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | // Whitelist contains pairs of file and rule IDs. Each file maps to an array of rules which 18 | // should not apply to that file. Each rule is represented by its unique rule ID, which is the 19 | // file name of that rule without ".go" extension in the rules package. 20 | var Whitelist = map[string][]string{} 21 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/checker/testlinter/testlinter: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/djannot/dcos-kubernetes-training/602106ef3a86c38f8ff95fb1cdbecb53ce161429/student/istio-1.2.2/tools/checker/testlinter/testlinter -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/checker/testlinter/whitelist.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | // Whitelist contains pairs of file and rule IDs. Each file maps to an array of rules which 18 | // should not apply to that file. Each rule is represented by its unique rule ID, which is the 19 | // file name of that rule without ".go" extension in the rules package. 20 | var Whitelist = map[string][]string{} 21 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/githubContrib/Contributions.txt: -------------------------------------------------------------------------------- 1 | Here is the current (as of January 2018) alphabetical list of companies and the number of contributors: 2 | Apache.org (1), Apprenda (1), Calcotestudios (1), CMU (1), Google (34), Hashbangbash (1), Hootsuite (1), Ibm (11), Redhat (2), Unknown (12) 3 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/hyperistio/README.md: -------------------------------------------------------------------------------- 1 | HyperIstio is a standalone server including multiple istio components, with default 2 | configuration suited for local testing. 
3 | 4 | - config defaults to tests/testdata/config 5 | - default ports used 6 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/license/manual_append/signalfx.txt: -------------------------------------------------------------------------------- 1 | Package: github.com/signalfx/com_signalfx_metrics_protobuf 2 | License URL: https://github.com/istio/istio/blob/release-1.0/vendor/github.com/signalfx/com_signalfx_metrics_protobuf 3 | License text: 4 | ## License 5 | 6 | Apache Software License v2. Copyright © 2015-2017 SignalFx 7 | 8 | ----------------------------------------------------------- 9 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/packaging/common/envoy_bootstrap_drain.json: -------------------------------------------------------------------------------- 1 | { 2 | } 3 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/packaging/common/istio-auth-node-agent.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=istio-auth-node-agent: The Istio auth node agent 3 | Documentation=https://istio.io/ 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/istio-node-agent-start.sh 7 | Restart=always 8 | StartLimitInterval=0 9 | RestartSec=10 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/packaging/common/istio.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=istio-sidecar: The Istio sidecar 3 | Documentation=http://istio.io/ 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/istio-start.sh 7 | Restart=always 8 | StartLimitInterval=0 9 | RestartSec=10 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | 
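--------------------------------------------------------------------------------
/student/istio-1.2.2/tools/packaging/deb/Dockerfile:
--------------------------------------------------------------------------------
1 | # Base dockerfile containing ubuntu and istio debian.
2 | # Can be used for testing
3 | FROM istionightly/base_debug
4 |
5 | # Micro pilot+mock mixer+echo, local kube
6 | COPY hyperistio kube-apiserver etcd kubectl /usr/local/bin/
7 | COPY *.yaml /var/lib/istio/config/
8 | COPY certs/ /var/lib/istio/
9 | COPY certs/default/* /etc/certs/
10 |
11 | COPY istio.deb /tmp
12 | COPY istio-sidecar.deb /tmp
13 | COPY deb_test.sh /usr/local/bin/
14 |
15 | # Root and istio are not intercepted
16 | RUN adduser istio-test --system
17 |
18 | # Verify the debian files can be installed
19 | RUN dpkg -i /tmp/istio-sidecar.deb && rm /tmp/istio-sidecar.deb
20 | RUN dpkg -i /tmp/istio.deb && rm /tmp/istio.deb
21 |
22 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/tools/packaging/packaging.mk:
--------------------------------------------------------------------------------
1 | #remove leading characters since package version expects to start with digit
2 | PACKAGE_VERSION ?= $(shell echo $(VERSION) | sed 's/^[a-z]*-//' | sed 's/-//')
3 |
4 | # Building the debian file, docker.istio.deb and istio.deb
5 | include tools/packaging/deb/istio.mk
6 |
7 | # RPM/RHEL/CENTOS stuff
8 | include tools/packaging/rpm/rpm.mk
9 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/tools/packaging/rpm/Dockerfile.build:
--------------------------------------------------------------------------------
1 | FROM centos:7
2 |
3 | RUN yum upgrade -y && \
4 |     yum install -y epel-release centos-release-scl && \
5 |     yum install -y fedpkg golang sudo make which cmake3 \
6 |     automake autoconf autogen libtool \
7 |     devtoolset-6-gcc devtoolset-6-gcc-c++ \
8 |     devtoolset-6-libatomic-devel ninja-build && \
9 |     yum clean all
10 |
11 | # Fetch the Bazel installer over HTTPS so the first request is not sent in clear text, and
12 | # pass -f so curl fails on an HTTP error instead of saving the error body as the installer.
13 | # NOTE(review): the script is still executed during the build without an integrity check;
14 | # compare it against a pinned SHA-256 (sha256sum -c) before running it.
15 | RUN curl -f -o /root/bazel-installer.sh -L https://github.com/bazelbuild/bazel/releases/download/0.22.0/bazel-0.22.0-installer-linux-x86_64.sh && \
16 |     chmod +x /root/bazel-installer.sh && \
17 |     /root/bazel-installer.sh
18 |
19 | RUN ln -s /usr/bin/cmake3 /usr/bin/cmake && \
20 |     ln -s /usr/bin/ninja-build /usr/bin/ninja
21 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/tools/packaging/rpm/build-istio-rpm.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | #set -x
4 |
5 | # We rely on the following ENV variables:
6 | #   ISTIO_GO
7 | #   ISTIO_OUT
8 | #   USER_ID
9 | #   GROUP_ID
10 |
11 | # Fail fast when a required path variable is missing: with an empty ISTIO_GO or ISTIO_OUT
12 | # the paths below collapse to /tools/packaging and /rpm.
13 | : "${ISTIO_GO:?ISTIO_GO must be set}"
14 | : "${ISTIO_OUT:?ISTIO_OUT must be set}"
15 |
16 | PKG_DIR="${ISTIO_GO}/tools/packaging"
17 | WORK_DIR="$(mktemp -d)"
18 |
19 | cp -r "${PKG_DIR}" "${WORK_DIR}"
20 | mv "${WORK_DIR}"/packaging/common/* "${WORK_DIR}"/packaging/rpm/istio
21 |
22 | cd "${ISTIO_GO}/.." || exit 1
23 | tar cfz "${WORK_DIR}/packaging/rpm/istio/istio.tar.gz" --exclude=.git istio
24 |
25 | cd "${WORK_DIR}/packaging/rpm/istio" || exit 1
26 |
27 | # NOTE(review): PACKAGE_VERSION and PACKAGE_RELEASE are spliced into the sed expressions
28 | # unescaped; a value containing '/' or '&' changes the substitution.
29 | if [ -n "${PACKAGE_VERSION}" ]; then
30 |   sed -i "s/%global package_version .*/%global package_version ${PACKAGE_VERSION}/" istio.spec
31 | fi
32 | if [ -n "${PACKAGE_RELEASE}" ]; then
33 |   sed -i "s/%global package_release .*/%global package_release ${PACKAGE_RELEASE}/" istio.spec
34 | fi
35 |
36 | fedpkg --release el7 local
37 |
38 | mkdir -p "${ISTIO_OUT}/rpm"
39 | cp -r x86_64/* "${ISTIO_OUT}/rpm"
40 | chown -R "${USER_ID}":"${GROUP_ID}" "${ISTIO_OUT}/rpm"
41 |
--------------------------------------------------------------------------------
/student/istio-1.2.2/tools/packaging/rpm/proxy/bazelrc:
--------------------------------------------------------------------------------
1 | build --cxxopt -D_GLIBCXX_USE_CXX11_ABI=1
2 | build --cxxopt -DENVOY_IGNORE_GLIBCXX_USE_CXX11_ABI_ERROR=1
3 |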
-------------------------------------------------------------------------------- /student/istio-1.2.2/tools/packaging/rpm/rpm.mk: -------------------------------------------------------------------------------- 1 | rpm: rpm/builder-image rpm/istio rpm/proxy 2 | 3 | rpm/istio: 4 | docker run --rm -it \ 5 | -v ${GO_TOP}:${GO_TOP} \ 6 | -w ${PWD} \ 7 | -e USER=${USER} \ 8 | -e TAG=${TAG} \ 9 | -e ISTIO_GO=${ISTIO_GO} \ 10 | -e ISTIO_OUT=${ISTIO_OUT} \ 11 | -e PACKAGE_VERSION=${PACKAGE_VERSION} \ 12 | -e USER_ID=$(shell id -u) \ 13 | -e GROUP_ID=$(shell id -g) \ 14 | istio-rpm-builder \ 15 | tools/packaging/rpm/build-istio-rpm.sh 16 | 17 | rpm/proxy: 18 | docker run --rm -it \ 19 | -v ${GO_TOP}:${GO_TOP} \ 20 | -w /builder \ 21 | -e USER=${USER} \ 22 | -e ISTIO_ENVOY_VERSION=${ISTIO_ENVOY_VERSION} \ 23 | -e ISTIO_GO=${ISTIO_GO} \ 24 | -e ISTIO_OUT=${ISTIO_OUT} \ 25 | -e PACKAGE_VERSION=${PACKAGE_VERSION} \ 26 | -e USER_ID=$(shell id -u) \ 27 | -e GROUP_ID=$(shell id -g) \ 28 | istio-rpm-builder \ 29 | ${PWD}/tools/packaging/rpm/build-proxy-rpm.sh 30 | 31 | rpm/builder-image: 32 | docker build -t istio-rpm-builder -f ${PWD}/tools/packaging/rpm/Dockerfile.build ${PWD}/tools/packaging/rpm 33 | 34 | .PHONY: \ 35 | rpm \ 36 | rpm/istio \ 37 | rpm/proxy \ 38 | rpm/builder-image 39 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/perf_istio_rules.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: fortio-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway # use istio default controller 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "*" 15 | --- 16 | apiVersion: networking.istio.io/v1alpha3 17 | kind: VirtualService 18 | metadata: 19 | name: fortio 20 | spec: 21 | hosts: 22 | - "*" 23 | gateways: 24 | - fortio-gateway 25 | http: 26 | - match: 
27 | - uri: 28 | prefix: /fortio1/ 29 | route: 30 | - destination: 31 | host: echosrv1.istio.svc.cluster.local 32 | port: 33 | number: 8080 34 | rewrite: 35 | uri: / # drop the /fortio1 prefix when talking to fortio such as /fortio1/fortio -> /fortio 36 | - match: 37 | - uri: 38 | prefix: /fortio2/ 39 | route: 40 | - destination: 41 | host: echosrv2.istio.svc.cluster.local 42 | port: 43 | number: 8080 44 | rewrite: 45 | uri: / # drop the /fortio2 prefix when talking to fortio such as /fortio2/fortio -> /fortio 46 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/setup_run: -------------------------------------------------------------------------------- 1 | # very basic local run, this is meant to be source'ed 2 | set -x 3 | ulimit -n 16384 4 | mkdir -p emptydir 5 | mkdir -p mixerconfig 6 | cp istio/mixer/testdata/config/* mixerconfig/ 7 | rm mixerconfig/stackdriver.yaml 8 | cd istio; set +x; source bin/use_bazel_go.sh ; set -x; cd .. 9 | # Need to have go installed and GOPATH/bin in the path 10 | fortio server & 11 | ( cd proxy/src/envoy/http/mixer; ./start_envoy > /tmp/envoy.log ) & 12 | ./istio/bazel-bin/mixer/cmd/mixs/mixs server --configStoreURL=fs://$(pwd)/mixerconfig --configStoreURL=fs://$(pwd)/emptydir 2> /tmp/mixs.2.log > /tmp/mixs.1.log & 13 | echo "starting everything..." 
14 | sleep 3 15 | curl -v http://localhost:9090/debug 16 | sleep 1 17 | curl -v http://localhost:42422/metrics 18 | set +x 19 | echo "you can now run: fortio load -qps 0 -c 16 http://localhost:9090/echo" 20 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/update_all: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # update and rebuild from source 3 | set -e 4 | set -x 5 | cd istio 6 | git pull 7 | bazel build -c opt mixer/cmd/mixs:mixs 8 | cd ../proxy 9 | git pull 10 | bazel build -c opt src/envoy/mixer:envoy 11 | go get -u fortio.org/fortio 12 | set +x 13 | echo "### All done... source istio/tools/setup_run now" 14 | -------------------------------------------------------------------------------- /student/istio-1.2.2/tools/vagrant/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing! 5 | VAGRANTFILE_API_VERSION = "2" 6 | 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| 8 | # Every Vagrant virtual environment requires a box to build off of. 
9 | config.vm.box = "ubuntu/trusty64" 10 | config.vm.network "forwarded_port", guest: 5000, host: 5000 11 | config.vm.network "private_network", ip: "192.168.33.100" 12 | config.vm.provider "virtualbox" do |v| 13 | v.memory = 2048 14 | v.cpus = 2 15 | end 16 | # Share the home directory for access to host source code 17 | config.vm.synced_folder "../../", "/home/vagrant/golang/src/istio.io/istio", owner: "vagrant", group: "vagrant" 18 | 19 | # Now run manual shell script for additional provisioning: 20 | config.vm.provision "shell", path: "./provision-vagrant.sh" 21 | 22 | end 23 | 24 | -------------------------------------------------------------------------------- /student/options-kubernetes-cluster.json.template: -------------------------------------------------------------------------------- 1 | { 2 | "service": { 3 | "name": "training/prod/k8s/clusterTOBEREPLACED", 4 | "service_account": "training-prod-k8s-clusterTOBEREPLACED", 5 | "service_account_secret": "/training/prod/k8s/clusterTOBEREPLACED/private-training-prod-k8s-clusterTOBEREPLACED" 6 | }, 7 | "kubernetes": { 8 | "authorization_mode": "RBAC", 9 | "dcos_token_authentication": false, 10 | "high_availability": false, 11 | "private_node_count": 2, 12 | "private_reserved_resources": { 13 | "kube_cpus": 4, 14 | "kube_mem": 4096 15 | } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /student/setup-kubernetes-cluster-permissions.sh: -------------------------------------------------------------------------------- 1 | export SERVICEPATH=${APPNAME}/prod/k8s/cluster${CLUSTER} 2 | export SERVICEACCOUNT=$(echo ${SERVICEPATH} | sed 's/\//-/g') 3 | export ROLE=$(echo ${SERVICEPATH} | sed 's/\//__/g')-role 4 | 5 | ./create-service-account.sh 6 | ./grant-permissions.sh 7 | 8 | dcos security org users grant ${SERVICEACCOUNT} dcos:mesos:master:task:user:root create 9 | dcos security org users grant ${SERVICEACCOUNT} dcos:mesos:agent:task:user:root create 10 | dcos 
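security org users grant ${SERVICEACCOUNT} dcos:mesos:master:framework:role:slave_public/${ROLE} create
11 | dcos security org users grant ${SERVICEACCOUNT} dcos:mesos:master:framework:role:slave_public/${ROLE} read
12 | dcos security org users grant ${SERVICEACCOUNT} dcos:mesos:master:reservation:role:slave_public/${ROLE} create
13 | dcos security org users grant ${SERVICEACCOUNT} dcos:mesos:master:volume:role:slave_public/${ROLE} create
14 | dcos security org users grant ${SERVICEACCOUNT} dcos:mesos:master:framework:role:slave_public read
15 | dcos security org users grant ${SERVICEACCOUNT} dcos:mesos:agent:framework:role:slave_public read
16 |
17 | # The private key file is presumably the service account's credential (confirm against
18 | # create-service-account.sh). /tmp is shared with every local user, so restrict the file
19 | # to its owner before moving it there; mv keeps the mode.
20 | chmod 600 "private-training-prod-k8s-cluster${CLUSTER}.pem"
21 | mv "private-training-prod-k8s-cluster${CLUSTER}.pem" /tmp
22 | mv "public-training-prod-k8s-cluster${CLUSTER}.pem" /tmp
23 |
--------------------------------------------------------------------------------
/teardown.md:
--------------------------------------------------------------------------------
1 | # Teardown
2 |
3 | ## Variables
4 | Run the following command to export the environment variables needed for teardown:
5 | ```
6 | export REGION=
7 | export CLUSTER=
8 | ```
9 |
10 | ## Detach and Delete EBS Volumes
11 | Because the EBS volumes used by Portworx were created out-of-band to Terraform, run the script below to remove these resources
12 | ```
13 | ./detach-and-delete-volumes.sh
14 | ```
15 |
16 | ## Remove AWS IAM Policy for CSI through the AWS Console
17 | Because the AWS IAM Policy for CSI was created out-of-band to Terraform, navigate to the AWS Console --> IAM --> Cluster Name to remove the CSI policy
18 |
19 | ![IAM Policy](https://github.com/ably77/dcos-kubernetes-training/blob/master/images/instructor_1.png)
20 |
21 | ## Destroy your Terraform Cluster
22 | ```
23 | export AWS_DEFAULT_REGION="us-west-2"
24 | export AWS_PROFILE=110465657741_Mesosphere-PowerUser
25 | terraform destroy
26 | ```
27 |
--------------------------------------------------------------------------------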